A final note on load balancer security
So far, we've discussed how an attacker might be able to gain insight or access to the internal network if they can get server names or IP addresses. We discussed how a malicious actor can get that information using information disclosed by the cookies used in a local balancer configuration for persistent settings. How else can an attacker gain information about our target servers (which are behind the load balancer and should be hidden)?
Certificate transparency information is another favorite method for getting current or old server names, as we discussed in Chapter 8, Certificate Services on Linux. Even if the old server names are no longer in use, the records of their past certificates are immortal.
The Internet Archive site at https://archive.org takes "snapshots" of websites periodically, and allows them to be searched and viewed, allowing people to go "back in time" and view older versions of your infrastructure...
