08-31-2004, 05:00 PM
Varius
Quote:
Originally posted by garett
Huh? Why?

Let's say you've got 5 web servers behind one load balancer... and they're all running the same version of apache, configured the same way (that's a safe assumption in most cases) and I happen to know of an exploit that just might work on that version of apache.

I run my exploit, it goes through your load balancer, to one of the 5 webservers, exploits the bug and bam I have a shell running as the httpd user (or whatever user apache is running as) on that webserver.

Sure I've only cracked one of the 5 servers .. but who cares? Now I poke around and see that the dumbass sysadmin that installed this box left an exploitable version of sendmail running even though it's not being used (it happens quite often) .. I exploit it and I have root.

Now I own your webserver. Sure if I log out I lose the exploited one .. but I can still grab sensitive information while I'm there .. and I can always re-run the exploit later on and get another server. The load balancer is not an issue here at all.. it passes everything through port 80 to one of the 5 servers .. it doesn't care what's being passed through.

Unless I'm missing something.

Hrmm, good point. I'm not familiar with any exploits and such, as I haven't done any network administration for years... I leave that up to our SysAdmin now.

The only system I still work with is our NetApps.

Maybe I should stop replying now since you guys know more about the security/exploits stuff than I.
__________________
Skype variuscr - Email varius AT gmail
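An added example, not part of either poster's message: a small audit for the condition the quoted post describes, an unused service left listening on identically built web nodes behind the balancer. The `ALLOWED` policy, the host names and the `ss -H -ltnp` sample output are constructed assumptions.

```python
import re

# Assumed policy for a web node behind the balancer: only these listeners are expected.
ALLOWED = {("httpd", 80), ("sshd", 22)}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `ss -H -ltnp` output, not captured from a real system.
BASE = '''\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=812,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 10 127.0.0.1:25 0.0.0.0:* users:(("sendmail",pid=640,fd=5))
'''
FLEET = {f"web{i}": BASE for i in range(1, 6)}  # five identically configured nodes

def parse_listeners(ss_output):
    """Parse `ss -H -ltnp` lines into (process, address, port) tuples."""
    found = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # also handles "[::]:22"
        proc = re.search(r'\(\("([^"]+)"', line)
        found.append((proc.group(1) if proc else "?", addr, int(port)))
    return found

def audit(fleet):
    """Return {(process, port): {"scope": ..., "hosts": [...]}} for unexpected listeners."""
    findings = {}
    for host, output in fleet.items():
        for proc, addr, port in parse_listeners(output):
            if (proc, port) in ALLOWED:
                continue
            # A loopback-only listener is still reachable from a shell on that host.
            scope = "local-only" if addr.startswith(LOOPBACK) else "network"
            entry = findings.setdefault((proc, port), {"scope": scope, "hosts": []})
            if scope == "network":
                entry["scope"] = "network"  # widest exposure seen on any host wins
            entry["hosts"].append(host)
    return findings

if __name__ == "__main__":
    for (proc, port), f in audit(FLEET).items():
        print(f"{proc} on port {port} ({f['scope']}): {len(f['hosts'])}/{len(FLEET)} hosts")
```

On a live host, `ss -p` shows process names for other users' sockets only when run as root.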