Load Balance Detector – Halberd

Simply another word to express about LBD – its “Headache Detection”

“What is headache & Who is Headache ?”

Lets find out the actual meaning of load balancing in
1. Telephone Switching & Signaling
2. LBD in Computer Networking

Telephone Switching & Signaling:
Recently we are also working on mobile networking & becoming master in it. Here is some point that i would like to introduce bit in the field of Load Sharing in Telephone Exchange Environment. Is this information connected with our IT security platform ? yes definitely, Just find out how our telephone exchange work on wired or wireless communication ?

(short note points cycle to learn) Telephone Switching & Signaling => Stored Program Control => Exchange Environment => Load Sharing Mode

Above cycle has particular meaning in the field of Telephone switching and signaling, studying mobile networking is very huge, i am sharing such points, to sake of understanding the Load balancing in Technology, lets compare that between telephone/mobile communication with Computer Networking.. Right ?

LBD in Computer Networking:
Load Balancing is a computer networking method for distributing workloads across multiple computing resources, such as computers, a computer cluster, network links, central processing units or disk drives.

Load balancing can be useful in applications with redundant communications links. For example, a company may have multiple Internet connections ensuring network access if one of the connections fails.

Wikipedia Source Code: http://en.wikipedia.org/wiki/Load_balancing_(computing)

LBD
Above figure gives you short imagination about load balancing – Load Balancing With ISA Server
Check out the link to configure Load Balancing in ISA server here.

Now time to move our focus on Detection – Headache Detection =>

LBD
Above figure give clarification on load balancer position in infrastructure, If our target is behind the load balancer then it will not respond that we are expecting in one to one connection. We have to observe lot in web auditing or Vulnerability assessment and penetration testing projects. Like target name, server name, session id during packet sent, date, time stamp etc..

Here we go with another tool to detect load balancer.. Halberd

Halberd discovers HTTP load balancers. It is useful for web application security auditing and for  load balancer configuration testing.

To cope with heavy traffic loads, web site administrators often install load balancer devices.  These machines hide (possibly) many real web servers behind a virtual IP. They receive HTTP  requests and redirect them to the real web servers in order to share the traffic between them. There are a few ways to map the servers behind the VIP and to reach them individually. Identifying and being able to reach all real servers individually (effectively bypassing the load balancer) is  very important for an attacker trying to break into a site. It is often the case that there are  configuration differences ranging from the slight:

  • server software versions,
  • server modules

to the extreme:

  • different platforms
  • server software.

For an attacker, this information is crucial because he might find vulnerable configurations that  otherwise (without mapping the real servers) could have gone unnoticed. But someone trying to  break into a web site doesn’t have server software as its only target. He will try to subvert dynamic server pages in several ways. By identifying all the real servers and scanning them individually for vulnerabilities, he might find bugs affecting only one or a few of the web servers. Even if all machines are running the same server software, halberd can enumerate them allowing more thorough vulnerability scans on the application level.

Tool Link:
https://github.com/jmbr/halberd
http://users.ices.utexas.edu/~jmb/

Halberd’s Manual PDF: halberd manual
Video URL: http://www.securitytube.net/video/699