Category: Loadbalancer.org

Shell-shocked by shell shock? Bash vulnerability explained.

Having recovered from the recent Heartbleed vulnerability, we now have another headline-grabbing vulnerability to keep us all busy. First let me say that our product should be perfectly safe and secure unless you’ve already shared your passwords or forgotten to run “lbsecure”

Enhanced Microsoft IIS health checks using VBscript

By default, the load balancer uses a TCP connect to the port defined in the Virtual Service to verify the health of the real (backend) servers. For IIS this would typically be port 80. In many cases this kind of health check is adequate, but for IIS this is often not the case: the listener keeps accepting connections even when the application behind it is broken, so a TCP connect tells you nothing about whether the site is actually serving pages.
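As an added example (not code from the original post), the following Python contrasts the two kinds of check. It starts a stand-in for IIS that keeps accepting TCP connections while its application returns HTTP 500, then runs a TCP-connect check and an HTTP content check against it: the TCP check passes in both states, the HTTP check only when the application is healthy. The fake server, the /check.aspx path and the expected "OK" body are constructed for the demonstration; the health-check page a real deployment uses is the administrator's choice.

```python
import socket
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer


def tcp_connect_check(host, port, timeout=2.0):
    """Default-style check: succeeds as soon as the port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_content_check(host, port, path, expected, timeout=2.0):
    """Stronger check: requires HTTP 200 and an expected marker in the body."""
    conn = HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        return resp.status == 200 and expected in body
    except OSError:
        return False
    finally:
        conn.close()


class FakeIIS(BaseHTTPRequestHandler):
    """Constructed stand-in for IIS: the listener stays up even when the
    application behind it is broken (app_healthy = False)."""

    app_healthy = True

    def do_GET(self):
        if self.path == "/check.aspx" and FakeIIS.app_healthy:
            status, body = 200, b"OK"
        else:
            status, body = 500, b"Server Error in Application"
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, format, *args):
        pass  # keep the demo quiet


def compare_checks(app_healthy):
    """Run both checks against the fake server; returns (tcp_ok, http_ok)."""
    FakeIIS.app_healthy = app_healthy
    server = HTTPServer(("127.0.0.1", 0), FakeIIS)  # port 0 = pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address[:2]
    try:
        return (tcp_connect_check(host, port),
                http_content_check(host, port, "/check.aspx", "OK"))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("application healthy:", compare_checks(True))   # (True, True)
    print("application broken: ", compare_checks(False))  # (True, False)
```

The content check is deliberately stricter than a status-code check: an IIS error page or a default "Under Construction" page can still return 200, so the marker should come from a page that exercises the application itself.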

Windows NLB (WNLB) and its disadvantages

Whilst Windows Network Load Balancing (WNLB) has been steadily improved in each version of Windows since its introduction in Windows 2000, it still has a fairly extensive list of disadvantages when compared to a hardware or virtual appliance based load balancer.

Source IP Addresses, STunnel, Haproxy and Server Logs

When using proxies such as STunnel and HAProxy it’s easy to lose track of the client source IP address. This occurs, for example, when HAProxy is used in its default configuration to load balance a number of back-end web servers. By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client, so the web server logs record every request as coming from the load balancer.
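An added example, not code from the original post: Python that recovers the client address from an X-Forwarded-For header the way a log processor or application-side check should. The header is trusted only when the connection actually arrived from one of the load balancer's own addresses (otherwise a client could spoof it), and it is then walked from the right, past any trusted hops, to the first address the load balancer did not add. The 192.168.1.10 load balancer address, the log format (%h ... "%{X-Forwarded-For}i") and the sample log lines are constructed for the demonstration; HAProxy itself inserts the header with `option forwardfor`.

```python
import ipaddress
import re


def _parse_ip(text):
    """Return an ip_address object, or None for anything that is not an IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(remote_addr, x_forwarded_for, trusted_proxies):
    """Recover the real client address.

    remote_addr      -- peer address the web server saw (the load balancer, when proxied)
    x_forwarded_for  -- header value, or None if absent
    trusted_proxies  -- CIDR strings for load balancers allowed to set the header

    Walks the header right to left, skipping hops we trust; the first untrusted
    address is the client. If the peer itself is untrusted, the header is
    ignored, which is what stops a direct client from spoofing it.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    peer = _parse_ip(remote_addr)
    if peer is None or not trusted(peer) or not x_forwarded_for:
        return remote_addr
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            return remote_addr  # malformed header: fall back to the peer address
        if not trusted(ip):
            return str(ip)
    return remote_addr  # every hop was one of our own proxies


# Assumed log format: %h %l %u %t "%r" %>s %b "%{X-Forwarded-For}i"
LOG_RE = re.compile(r'^(?P<host>\S+) (?P<rest>.*) "(?P<xff>[^"]*)"$')


def rewrite_log_line(line, trusted_proxies):
    """Replace the peer address (%h) in a log line with the recovered client address."""
    m = LOG_RE.match(line)
    if not m:
        return line
    real = client_ip(m.group("host"), m.group("xff") or None, trusted_proxies)
    return f'{real} {m.group("rest")} "{m.group("xff")}"'


if __name__ == "__main__":
    # Constructed sample lines: 192.168.1.10 is the load balancer.
    lb = ["192.168.1.0/24"]
    proxied = ('192.168.1.10 - - [10/Apr/2014:10:00:00 +0000] '
               '"GET /index.html HTTP/1.1" 200 512 "203.0.113.7"')
    direct = ('203.0.113.7 - - [10/Apr/2014:10:00:01 +0000] '
              '"GET /admin HTTP/1.1" 403 0 "10.0.0.1"')
    print(rewrite_log_line(proxied, lb))  # starts with 203.0.113.7
    print(rewrite_log_line(direct, lb))   # unchanged: spoofed header ignored
```

The right-to-left walk matters when there is more than one proxy in the path: the leftmost entry is whatever the first hop was told, which may be client-supplied, while the rightmost untrusted entry was observed by a proxy you control.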

Heartbleed 2.0? Not exactly but more OpenSSL issues have been found

In the wake of the recent Heartbleed bug, another series of OpenSSL vulnerabilities has been found. Whilst the Heartbleed bug was relatively easy to exploit, the latest batch of bugs is not. However, if successfully exploited, there is potential for eavesdropping and traffic manipulation by a man-in-the-middle (CVE-2014-0224) as well as running arbitrary code on the vulnerable client or server (CVE-2014-0195).

Loadbalancer.org releases patch for the OpenSSL Heartbleed vulnerability CVE-2014-0160

Vulnerability Description

The bug is in OpenSSL’s implementation of the TLS/DTLS (Transport Layer Security protocols) heartbeat extension (RFC 6520). When exploited, it leaks memory contents from the server to the client and from the client to the server. For more details, please refer to: http://heartbleed.com/

1) Updating the Hardware & Virtual Appliance

Appliance Software Versions Affected: v7.5, v7.5.1, v7.5.2, v7.5.3, v7.5.4

Hotfix Details: The hotfix includes a recompiled version of OpenSSL with the compile option “-DOPENSSL_NO_HEARTBEATS”, which mitigates the vulnerability