Forum Discussion
funkdaddy_31014
Nimbostratus
Apr 21, 2011Addressing Vulnerabilities - Presence of a Load-Balancing Device Detected
We routinely run Qualys scans on our environment, and the scan comes back with minor vulnerabilities called "Presence of a Load-Balancing Device Detected" based on "IP Identification". The results sho...
netfortius
Nimbostratus
May 17, 2012As someone stated earlier - the IP ID "range" variance is indicative of LB - for example when doing something like:
$ sudo hping3 wwww.amazon.com -S -p 80
HPING wwww.amazon.com (en0 72.21.210.29): S set, 40 headers + 0 data bytes
len=46 ip=72.21.210.29 ttl=243 id=24092 sport=80 flags=SA seq=0 win=8190 rtt=22.2 ms
len=46 ip=72.21.210.29 ttl=241 id=14744 sport=80 flags=SA seq=1 win=8190 rtt=22.1 ms
len=46 ip=72.21.210.29 ttl=242 id=63761 sport=80 flags=SA seq=2 win=8190 rtt=22.0 ms
len=46 ip=72.21.210.29 ttl=243 id=58747 sport=80 flags=SA seq=3 win=8190 rtt=22.0 ms
len=46 ip=72.21.210.29 ttl=243 id=54002 sport=80 flags=SA seq=4 win=8190 rtt=22.1 ms
len=46 ip=72.21.210.29 ttl=243 id=30840 sport=80 flags=SA seq=5 win=8190 rtt=22.2 ms
len=46 ip=72.21.210.29 ttl=242 id=7919 sport=80 flags=SA seq=6 win=8190 rtt=22.1 ms
len=46 ip=72.21.210.29 ttl=241 id=9077 sport=80 flags=SA seq=7 win=8190 rtt=22.1 ms
len=46 ip=72.21.210.29 ttl=242 id=5873 sport=80 flags=SA seq=8 win=8190 rtt=22.1 ms
My question - follow-up to the original one - is different: when going "after" the real IP of any server being load balanced, the pen-test does not reveal any problems, whereas when going "after" the VIP a few alerts are being raised. How is that possible, and is the LB possibly sensitive to attacks to the system, itself, via the services that it offers (vs. servers behind it being at risk)?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects