• Identifying Load Balancers - How to tell if the target host is behind a load balancer

    by
    abhaythehero
    Published on 10-27-2011 11:09 AM      Number of Views: 791  
    2 Comments Comments
    Credits to Joe McCray and his Defcon 18 talk


    1. Use dig command
    Look for multiple addresses resolving to one domain name.
    http://www.youtube.com/watch?v=EbLnKRH6dhA



    2. Sites like netcraft.com can be used to check for a ip details. If things like F5 BigIP appear, most probably the host is load balanced.
    http://www.youtube.com/watch?v=iaA2xxnm-1A



    3. Firefox Live HTTP Headers Add-on can be used to notice change in response headers. Make some generic request twice and notice change in response header. Things like IIS Server 6.0 in 1st response and IIS Server 7.0 in 2nd response indicates it is load balanced.

    Also, Look for modifications such as :
    BIGipServerOS in cookie
    nnCoection : close
    Cneonction : close
    http://www.youtube.com/watch?v=zZ-z6c9o8qU



    4. A shell script that detects load balancer
    :: ge.mine.nu ::
    http://www.youtube.com/watch?v=yVOCRYY6Tf0




    5. A python script that detects load balancer
    halberd
    http://www.youtube.com/watch?v=JnIJHri-NeM
    This article was originally published in blog: Identifying Load Balancers - How to tell if the target host is behind a load balancer started by abhaythehero
    Comments 2 Comments
    1. j0emccray's Avatar
      j0emccray - 11-26-2011, 02:21 PM


      Wow, nice article and video demos of the techniques. Thanks for giving me credit in this article - I really appreciate it. This is my first time coming to the Garage4Hackers website. It looks pretty good. Keep up the good work, and keep providing good content for the community. I was doing some googling for exploit dev stuff and came across several posts from 'vinnu' - he seems to be pretty good. I don't know who is running this site, but whoever you are as well as all of the contributors - AWESOME JOB!!!!!!!!!!!!!! Joe McCray Toll Free: 1-866-892-2132 Email: joe@strategicsec.com LinkedIn: Joe McCray | LinkedIn Twitter: Joseph McCray (@j0emccray) on Twitter Slideshare: Joseph McCray Presentations Channel GPG Key: http://strategicsec.com/JoeStrategicSec_Public.key Website: http://strategicsec.com
    1. abhaythehero's Avatar
      abhaythehero - 11-26-2011, 05:20 PM
      Thanks for the encouragement I would also take this opportunity to thank you for some of your excellent talks and slides. Welcome to the forum and we wish that you will enjoy your stay.

  • G4H Twitter

  • Latest Posts

    fb1h2s

    IE 6/7 :D , that would work out :D

    IE 6/7 :D , that would work out :D

    fb1h2s Today, 03:32 PM Go to last post
    amolnaik4

    1. how can i get pass this and automatically log...

    1. how can i get pass this and automatically log all the "httponly" cookies from the worldbank.com ?
    -- Well there is no direct way to access "httpOnly" cookies via javascript. That's it's job to...

    amolnaik4 Today, 02:26 PM Go to last post
    amolnaik4

    This is required to work CORS and requirement for...

    This is required to work CORS and requirement for Same Origin Policy. If the protocol/domain/port mismatches, SOP will prevent the communication.

    The "httpOnly" cookies will have no meaning in...

    amolnaik4 Today, 01:58 PM Go to last post
    Punter

    A Guide to Understand Flow Charts 208

    A Guide to Understand Flow Charts

    208

    Punter Today, 01:26 PM Go to last post
    Anant Shrivastava

    Its VirtualBox image only VMware has wierd error...

    Its VirtualBox image only VMware has wierd error running it.

    next release i will see if i can make sure compatibility is maintained right now i support only virtualbox

    FAQ : Android Tamer

    Anant Shrivastava Today, 12:52 PM Go to last post
"; for(var vi=0;vi