Forum Discussion

Nimbostratus

Apr 21, 2011

Addressing Vulnerabilities - Presence of a Load-Balancing Device Detected

We routinely run Qualys scans on our environment, and the scan comes back with minor vulnerabilities called "Presence of a Load-Balancing Device Detected" based on "IP Identification". The results sho...

config

design

hooleylist

Cirrostratus

Apr 17, 2012

This seems like a non-issue. What can attacker do once they determine that a site is using a load balancer?

NMAP or online scans can generally fingerprint the OS of a site to provide more detail. For instance, example.com shows it's being hosted by a BIG-IP:

http://searchdns.netcraft.com/?restriction=site+ends+with&host=example.com

So an attacker even knows the vendor of the load balancer. It still begs the question of what can they do with that information?

You could try to change the behavior of BIG-IP to hide itself, but that would involve modifying TCP/UDP/iCMP behavior at a fairly low level. Is it really worth it to tinker with performance optimized settings to try to hide this minimal amount of information? I think it's better to invest time securing the infrastructure with timely patching, pentesting, etc versus worrying about OS fingerprinting.

Aaron

Forum Discussion

Addressing Vulnerabilities - Presence of a Load-Balancing Device Detected

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Transparent load balancing in Azure, Part 2

NGINXaaS for Azure: Load Balancing

F5 Distributed Cloud (XC) Global Applications Load Balancing in Cisco ACI

What is Load Balancing?