Forum Discussion
hooleylist
Apr 17, 2012Cirrostratus
This seems like a non-issue. What can attacker do once they determine that a site is using a load balancer?
NMAP or online scans can generally fingerprint the OS of a site to provide more detail. For instance, example.com shows it's being hosted by a BIG-IP:
http://searchdns.netcraft.com/?restriction=site+ends+with&host=example.com
So an attacker even knows the vendor of the load balancer. It still begs the question of what can they do with that information?
You could try to change the behavior of BIG-IP to hide itself, but that would involve modifying TCP/UDP/iCMP behavior at a fairly low level. Is it really worth it to tinker with performance optimized settings to try to hide this minimal amount of information? I think it's better to invest time securing the infrastructure with timely patching, pentesting, etc versus worrying about OS fingerprinting.
Aaron