Load Balancing Detector (LBD)

Load Balancing Detector (LBD) Kali Linux
Thousands of concurrent user and client requests can bog down a single server. Websites with a large amount of traffic will often have multiple servers and use load balancers to help normalize network traffic. Load balancers distribute client requests and network traffic loads across multiple servers to improve efficiency and end user experience. This can be great for clients and end users, but for penetration testers this network distribution can cause inconsistent results. Identifying the presence of load balancers and their characteristics can help provide consistent results.

Load Balancing Detector (LBD) is a reconnaissance tool used for locating and identifying load balancing devices. It accomplishes this by detecting whether a given domain uses DNS and/or HTTP load balancing (via the Server: and Date: headers and diffs between server answers).
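The header-comparison idea described above, as an added Python example that is not lbd's own code and not from the original post: it compares Server banners, Date ordering and header names across sequential responses from one hostname. The sample responses and the three heuristics are constructed assumptions for illustration.

```python
from email.utils import parsedate_to_datetime

def _resp(server, date, extra=""):
    """Build one constructed response header block."""
    return (f"HTTP/1.1 200 OK\r\nServer: {server}\r\nDate: {date}\r\n"
            f"Content-Type: text/html\r\n{extra}")

# Constructed sample: five sequential answers from the same hostname.
SAMPLE_RESPONSES = [
    _resp("nginx/1.18.0", "Mon, 01 Jan 2024 10:00:05 GMT"),
    _resp("Apache/2.4.41", "Mon, 01 Jan 2024 10:00:02 GMT", "X-Powered-By: PHP\r\n"),
    _resp("nginx/1.18.0", "Mon, 01 Jan 2024 10:00:06 GMT"),
    _resp("Apache/2.4.41", "Mon, 01 Jan 2024 10:00:03 GMT", "X-Powered-By: PHP\r\n"),
    _resp("nginx/1.18.0", "Mon, 01 Jan 2024 10:00:07 GMT"),
]

def parse_headers(raw):
    """Return {lowercased-name: value} for one header block."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def analyze(raw_responses):
    """Compare sequential responses for signs of more than one backend."""
    parsed = [parse_headers(r) for r in raw_responses]
    servers = sorted({h.get("server", "<none>") for h in parsed})
    dates = []
    for h in parsed:
        try:
            dates.append(parsedate_to_datetime(h["date"]))
        except (KeyError, TypeError, ValueError):
            continue  # missing or malformed Date header: skip it
    # One server's clock should not go backwards between sequential
    # requests; a regression suggests backends with unsynchronized clocks.
    regressions = sum(1 for a, b in zip(dates, dates[1:]) if b < a)
    variants = len({frozenset(h) for h in parsed})
    return {
        "server_banners": servers,
        "date_regressions": regressions,
        "header_set_variants": variants,
        "balancing_suspected": len(servers) > 1 or regressions > 0 or variants > 1,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_RESPONSES))
```

For operators, the same signals are the ones to normalize: consistent Server banners and NTP-synchronized clocks across backends leave less for this kind of comparison to find.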


LBD is a tool that is best used in the initial information gathering phase of a penetration test. LBD is present in the default toolset of Kali Linux. 


In this demonstration I will be using the preinstalled version of LBD on Kali Linux. 


To start a scan type “lbd” followed by your target domain. 

Ex. lbd vulnweb.com


Throughout the scan, LBD will check the domain given for DNS and HTTP load balancers. The scan results often contain IP addresses, host names, cookie information, and the type of load balancing device.  The image below displays the results from our scan. 


A few things to note. Most of the additional options listed in the help section did not work at the time of testing with version 0.4. Running options such as “-a” or “-l” only displayed the help section. As the help documentation states, lbd is considered a proof-of-concept script and could produce false positives. Expectations should be tempered with this tool; however, its basic feature does provide valuable information that could assist with target research and penetration testing.


