To cope with heavy traffic loads, web site administrators often install load balancer devices. These machines hide (possibly) many real web servers behind a virtual IP. They receive HTTP requests and redirect them to the real web servers in order to share the traffic between them.
There are a few ways to map the servers behind the VIP and to reach them individually.
Identifying and being able to reach all real servers individually (effectively bypassing the load balancer) is very important for an attacker trying to break into a site. It is often the case that there are configuration differences ranging from the slight:
to the extreme:
For an attacker, this information is crucial because he might find vulnerable configurations that otherwise (without mapping the real servers) could have gone unnoticed.
But someone trying to break into a web site doesn't have server software as his only target. He will try to subvert dynamic server pages in several ways. By identifying all the real servers and scanning them individually for vulnerabilities, he might find bugs affecting only one or a few of the web servers. Even if all machines are running the same server software, halberd can enumerate them, allowing more thorough vulnerability scans at the application level.
2010-08-14