Tutorials

lbd – Tool to Detect Whether a Domain has Load Balancing Enabled

Load balancing(lbd) is the technique used in different services for balancing the load across different servers or NICs. It can be in any form. Load balancing can be done to evenly distribute workload through a series of Computer clusters.

Or it can be used within a single system to balance connections across a set of network interface cards or disks. In a cluster of computers, all systems will have all the data synced within them. A manager resource selects the specific node within the cluster when an incoming request is made.

The manager effectively transfers the connections to another node if the workload of any one of the nodes is high. Thus load balancing minimizes response-time & maximizes throughput. Load balancing can be implemented in both software & hardware levels.

Typical Load Balancing

Typically HTTP & DNS load balancing is done when a website has got a lot of incoming traffic like an e-Commerce website or the best example would be Facebook or Google itself.

These websites receive at least 10M requests per minute. So obviously a single host will not be able to serve all these requests. So their requests will be spread over a series of computing resource clusters in order to keep them running.

In a Security perspective, implementing HTTP  load balancing has the following major advantages:

DDos & Synflood Protection

Load Balancing enables SYN-Cookies which help in preventing DDoS Attacks. & SYN flood attacks.

SSL Offload & Acceleration

In TLS enabled sites, loads are much higher for the web server since a series of continuous asymmetric encryption is going on. This decreases the throughput, but load balancing balances the load across different nodes inside a cluster and distributes the excessive load due to TLS.

Hiding Error Pages

Some HTTP load balancers can hide the HTTP error pages from being seen outside.

Firewall & IPS

Implementing load balancing creates a layer between the client and the server. So direct connection between the client & server is not possible. So within this layer, firewalls & Intrusion Prevention Systems can be implemented. Moreover, a WAF also can be in the way.

Priority Queuing

Load balancers can prioritize the traffic & intelligently serve the incoming requests.

Referencehttps://en.wikipedia.org/wiki/Load_balancing_(computing)

https://www.citrix.com/glossary/load-balancing.html

Comming to the tool, an lbd is a short form for Load Balancing Detection. It is simply a shell script which automates a series of tests to verify whether a domain has load balancing.

Practical Use to a Pentester – lbd

One may ask why to detect load balancing during a pentest. The answer is that it eliminates inconsistency in results. The explanation is, Recon is the major part in every pentest. So it is very essential to determine the range of IP addresses which should be included in the scope of the test.

When dealing with servers with load balancing, the results of regular tests may vary due to the load balancer in work. Sometimes we may get different IP addresses when we ping the host at different times during a test. This is because a DNS-load balancer might be in place.

Missing this fact may prove fatal. Moreover, when determining the infrastructure of the target, we may miss this critical fact and as said earlier, we may miss the presence of an IDS/IPS or a Firewall in between the outside world & the target server.

Simply it may be configured to allow all HTTP traffic so that we are not able to detect it.

Referencehttp://www.sans.org/reading-room/whitepapers/testing/identifying-load-balancers-penetration-testing-33313

Options

Syntax: lbd targetdomain port(defaults to 53 & 80) <options>

If you are interested to get under the hood, try the following

cat /usr/bin/lbd

Lab: Enumerate a domain and detect whether it has load balancing enabled

This is simple detection. Let our target be Microsoft’s bing this time.

command: lbd bing.com 80
Load Balancing Detection
Load Balancing Detection

Try for yourself. Detect whether the e-Commerce company Amazon has load balancing on its web servers. Remember not to harm them or you may face consequences.

Ravi Sankar

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

11 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

11 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago