Backtrack 4: Information Gathering: DNS: LBD – Check a domain for load balancing

The next tool up for review in the DNS section of the Backtrack 4 menu is a short script called lbd.sh. This is a small shell script with only one purpose and that is to check whether a domain is using load balncing. A common host in front of a bank of Web servers may be a load-balancing device or a Web redirector, so this information can be good to know.

The usage is very simple:

root@666:/pentest/enumeration/lbd# ./lbd.sh

lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
                                    Written by Stefan Behte (http://ge.mine.nu)
                                    Proof-of-concept! Might give false positives.
usage: ./lbd.sh [domain]

As you can see this is only a proof of concept so make sure you back up your findings with a second tool. This is excellent practice anyway when working on a penetration test. I never trust just one tool, I always like to get some back up data.

Lets run this on cnn.com since we have been using them for all the dns tutorials so far:

root@666:/pentest/enumeration/lbd# ./lbd.sh cnn.com

lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
                                    Written by Stefan Behte (http://ge.mine.nu)
                                    Proof-of-concept! Might give false positives.

Checking for DNS-Loadbalancing: FOUND
cnn.com has address 157.166.255.19
cnn.com has address 157.166.255.18
cnn.com has address 157.166.226.26
cnn.com has address 157.166.226.25
cnn.com has address 157.166.224.26
cnn.com has address 157.166.224.25

Checking for HTTP-Loadbalancing [Server]:
 Apache
 NOT FOUND

Checking for HTTP-Loadbalancing [Date]: 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, NOT FOUND

Checking for HTTP-Loadbalancing [Diff]: FOUND
< Expires: Tue, 25 May 2010 13:46:42 GMT
> Expires: Tue, 25 May 2010 13:46:43 GMT
< Content-Length: 99979
> Content-Length: 99806

cnn.com does Load-balancing. Found via Methods: DNS HTTP[Diff]

As you can see the script has found load balancing to be active and has determined the information via two different methods. This is just one small piece of a jig saw puzzle when mapping out a network but a useful piece.

See larger image Load Balancing Servers, Firewalls, and Caches (Hardcover) By (author) Chandra Kopparapu List Price: $70.00 USD New From: $28.00 In Stock Used from: $21.87 In Stock

See larger image A Practical Guide to Linux Commands, Editors, and Shell Programming (2nd Edition) (Paperback) By (author) Mark G. Sobell List Price: $49.99 USD New From: $35.00 In Stock Used from: $14.15 In Stock

This entry was posted on Tuesday, May 25th, 2010 at 10:01 AM and is filed under Insights. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.