Load Balancing: Overview and Detection While Pen Testing


Load balancing, also popularly known as a server farm, is a clustering technology for distributing a workload across multiple processing resources to achieve optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may also increase reliability through redundancy. In computing, it is a networking methodology for distributing workload across multiple computers or a computer cluster, network links, central processing units, disk drives, or other resources, to achieve optimal resource utilization. It is provided by dedicated software or hardware, such as a multilayer switch or a DNS (Domain Name System) server.

Internet server programs supporting mission-critical applications such as financial transactions, database access, corporate intranets, bank websites, share markets and other key functions must run 24×7. The networks need the ability to scale performance to handle large volumes of client traffic without creating unwanted delays. For these reasons, load balancing is of wide interest to enterprises such as Google, Microsoft, Citi Bank and HSBC.

Load balancing is especially important for those networks where it’s difficult to predict the number of requests that will be issued on a server. Busy Websites typically employ many servers in a load balancing program. If one server starts to get overloaded, requests are forwarded to another server with more capacity and this process is maintained with all servers.

The load balancer determines which server in your network is the least loaded and routes requests to that machine. It intelligently assigns requests, so all of the servers can operate at their full capacity. This can dramatically improve website reliability and response time. It also reduces the need for additional web servers and enhances the user experience.

Load balancing is used to provide a single Internet service from multiple servers. For Internet services, the load balancer is usually a software program that listens on the port where external clients connect to access the service. The load balancer forwards requests to one of the backend servers, which usually replies to the load balancer. This allows the load balancer to reply to the client without the client ever knowing about the internal separation of functions. It also prevents clients from contacting backend servers directly, which may have security benefits by hiding the structure of the internal network and preventing attacks on the kernel’s network stack or unrelated services running on other ports.

Load balancers, whether software or hardware, have many useful features. A load balancer can buffer responses from the server and spoon-feed the data out to slow clients, allowing the server to move on to other tasks. This feature is called TCP buffering. Another good feature is HTTP compression, which reduces the amount of data to be transferred for HTTP objects by using the gzip compression available in all modern web browsers. The larger the response and the further away the client is, the more this feature will improve response times. The tradeoff is that this feature puts additional CPU demand on the load balancer, and it is a feature that could be handled by the web servers instead. Some load balancers can hide HTTP error pages, remove server identification headers from HTTP responses, and encrypt cookies so end users can’t manipulate them.

During penetration testing, it is sometimes hard to achieve good results when a machine is behind load balancing or a server farm. Load balancing also makes it difficult to attain a complete and accurate test of the target. So today, we will have a quick look at how to get the machine IP and how to detect whether the target has load balancing applied or not.


[+] Using Linux Console:

From a Linux console, we can check whether a target is behind load balancing or not. The dig command is used here. Below is the result using the dig command:
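
As an added example (not the article's original output or code), the script below shows what to look for in a dig answer: more than one distinct A record for a name, and the same addresses returned in a different order between two queries. The function names and the sample answers are assumptions, built with placeholder names and documentation-range addresses.

```shell
#!/bin/sh
# Constructed ANSWER sections in the format printed by
# `dig +noall +answer <name> A`. Names and addresses are placeholders
# (RFC 5737 documentation ranges), not results for any real host.
SAMPLE_FIRST='www.example.test. 60 IN A 192.0.2.10
www.example.test. 60 IN A 192.0.2.11
www.example.test. 60 IN A 198.51.100.7'
SAMPLE_SECOND='www.example.test. 60 IN A 192.0.2.11
www.example.test. 60 IN A 198.51.100.7
www.example.test. 60 IN A 192.0.2.10'
SAMPLE_SINGLE='www.example.test. 300 IN CNAME edge.example.test.
edge.example.test. 300 IN A 203.0.113.5'

# Print the address of every A record on stdin, in answer order.
a_records() {
  awk '$3 == "IN" && $4 == "A" { print $5 }'
}

# Classify one answer section read from stdin by its distinct A records.
dns_lb_verdict() {
  n=$(a_records | sort -u | awk 'END { print NR }')
  if [ "$n" -gt 1 ]; then
    echo "multiple-a-records:$n"   # DNS-level balancing is likely
  elif [ "$n" -eq 1 ]; then
    echo "single-a-record"         # a virtual IP may still front a farm
  else
    echo "no-a-records"
  fi
}

# Succeed when two answers hold the same address set in a different order,
# which is the rotation a round-robin DNS server produces between queries.
rotation_observed() {
  first=$(printf '%s\n' "$1" | a_records)
  second=$(printf '%s\n' "$2" | a_records)
  [ "$first" != "$second" ] &&
    [ "$(printf '%s\n' "$first" | sort)" = "$(printf '%s\n' "$second" | sort)" ]
}

printf '%s\n' "$SAMPLE_FIRST" | dns_lb_verdict
if rotation_observed "$SAMPLE_FIRST" "$SAMPLE_SECOND"; then
  echo "round-robin rotation observed"
fi
# Live use: dig +noall +answer www.example.test A | dns_lb_verdict
```

A single A record only rules out DNS-level balancing; a load balancer answering on one virtual IP has to be identified by other means.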

[+] Using Shell script:

A shell script, Lbd, can also be used to identify load balancing. We used the script and obtained the following result:

[+] Using Netcraft:

Netcraft, an online and offline tool, has been a good resource in VA/PT for information gathering. As an online resource, Netcraft would be the best to identify targets behind a load balancer. Here we have used Facebook again as an example, and using netcraft.com we are able to point out F5 BIG-IP:

These were the methods used to detect load balancing while penetration testing. Load balancing is a useful concept that saves a lot of effort and makes the best use of available resources. We hope this article gave you a clear overview.

Author: Prashant Uniyal

Source: Originally Published In Hacker5 Magazine June Edition


