Hello guys I really need some technical Assistance here. I'm in a Pinch! So to say..
Anyway I understand that a Network Load Balancer is used as a "replacement" for a Server. As a server can be expensive and all. So, a Network Load Balancer is Used to cut the cost.
The thing is, I recieved an abusive Email. So I copied the Full Header and sent it for tracking. I found out it was from some university. So I called up to Enquire about the IP origins.
They said that it is assigned to a network load balancer and therefore it is unlikely for anyone to have sent an email using that IP address.
The thing is, how the hell the IP got there in my full header in the first place?it's definetly not IP spoofing or Cloaking.
So I wanna ask u guys out there if you know that an IP can be captured when someone is connected to a network Load Balancer to send an Email.
Thanks !
Network Load Balancer?
Hello There!
I saw your response on another post where you directed me to your question. . . .and quite frankly there are only two correct answers.
Answer One. Who ever you spoke to at the University is outright lying to you.
Answer Two. Who ever you spoke to at the University doesn't know what they are talking about!
The Load Balancer is acting as a server that directs traffic through multiple routes. . .so in fact, what you have is a Cheap Router/Server! Any Server or Load Balancer that has more than one network device in it, is actually acting as a Router too! And each Network that they are connected to must have a separate and unique Network address.
When a packet from the private side of your network, travels through the router (Load Balancer) it doesn't keep it's private network address. The IP address is replaced with that of the NEW Network that it has just travelled on, hence the address of the Load Balancer!!! BUT the load balancer/server/router always keeps the physical address of any packet that it receives in an ARP table so that a response or a reply can get back to the original sender.
This happens around the entire web, and think of it like Hanzel and Gretel dropping crumbs to find their way back home. . .except the birds don't eat them. . .they can just age out of the system ARP Table.
The Physical Address or MAC (Media Access Control) address is what is also known as a BIA. . .Burnt In Address. . .and it is usually on a Prom Chip on the network device. Some can be programmed with software.
Anyway, all the "load balancers" and routers and even your PC keeps an ARP table for look up! The network address and MAC Address are replaced in the 'Sender Info' fields within the packet when the packet goes through the "load Balancer" or Router. . .but the MAC from the packet that is originally being routed is captured to put in the ARP Table and kept somewhere within the packet headers, (different packet types keep it in different places) so that if a reply is received, the Router, server, or load balancer knows where to send the reply.
Therefore, ANYONE who is on one of the private University's internal networks and sends a packet that goes through the Load Balancer and RIGHT OUT to the Internet that packet will have the IP Address of the Load Balancer.
Call them back and tell them to get a clue! Or that some certification courses might help them. It isn't you who has the problem you don't understand . .it is them!
Reply:Thank you for your e-mail. I wrote you a response but Yahoo! Doesn't allow me to send it to you.
Good Luck, keep in touch and stay safe! Report It
Reply:I think the load balancer takes incoming traffic requests and forwards those requests to 1 of multiple internal servers (www3.yahoo.com, for example) and then that server sends you responses directly. In this sense all requests to one URL are load balanced among several independent servers. Essentially it is just URL redirection based on traffic usage. You can send information to a load balancer's IP but the load balancer never sends traffic outside of the LAN. So, that would probably be spoofing.
Reply:Instead why dont you report to spamcop in regards with the same.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment