• Home »
  • Insights »
  • Backtrack 4: Information Gathering: DNS: LBD – Check a domain for load balancing

Backtrack 4: Information Gathering: DNS: LBD – Check a domain for load balancing

The next tool up for review in the DNS section of the Backtrack 4 menu is a short script called lbd.sh. This is a small shell script with only one purpose and that is to check whether a domain is using load balncing. A common host in front of a bank of Web servers may be a load-balancing device or a Web redirector, so this information can be good to know.

The usage is very simple:

bash

  1. root@666:/pentest/enumeration/lbd# ./lbd.sh
  2.  
  3. lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
  4.                                     Written by Stefan Behte (http://ge.mine.nu)
  5.                                     Proof-of-concept! Might give false positives.
  6. usage: ./lbd.sh [domain]

As you can see this is only a proof of concept so make sure you back up your findings with a second tool. This is excellent practice anyway when working on a penetration test. I never trust just one tool, I always like to get some back up data.

Lets run this on cnn.com since we have been using them for all the dns tutorials so far:

bash

  1. root@666:/pentest/enumeration/lbd# ./lbd.sh cnn.com
  2.  
  3. lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
  4.                                     Written by Stefan Behte (http://ge.mine.nu)
  5.                                     Proof-of-concept! Might give false positives.
  6.  
  7. Checking for DNS-Loadbalancing: FOUND
  8. cnn.com has address 157.166.255.19
  9. cnn.com has address 157.166.255.18
  10. cnn.com has address 157.166.226.26
  11. cnn.com has address 157.166.226.25
  12. cnn.com has address 157.166.224.26
  13. cnn.com has address 157.166.224.25
  14.  
  15. Checking for HTTP-Loadbalancing [Server]:
  16.  Apache
  17.  NOT FOUND
  18.  
  19. Checking for HTTP-Loadbalancing [Date]: 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, NOT FOUND
  20.  
  21. Checking for HTTP-Loadbalancing [Diff]: FOUND
  22. < Expires: Tue, 25 May 2010 13:46:42 GMT
  23. > Expires: Tue, 25 May 2010 13:46:43 GMT
  24. < Content-Length: 99979
  25. > Content-Length: 99806
  26.  
  27. cnn.com does Load-balancing. Found via Methods: DNS HTTP[Diff]

As you can see the script has found load balancing to be active and has determined the information via two different methods. This is just one small piece of a jig saw puzzle when mapping out a network but a useful piece.

Load Balancing Servers, Firewalls, and Caches (Hardcover)


List Price: $75.00 USD
New From: $29.95 USD In Stock
Used from: $8.06 USD In Stock

A Practical Guide to Linux Commands, Editors, and Shell Programming (2nd Edition) (Paperback)


List Price: $49.99
New From: $13.74 USD In Stock
Used from: $3.84 USD In Stock

Share