If a load balancer misdirects your probes, what action should you take to continue testing?


Multiple Choice

If a load balancer misdirects your probes, what action should you take to continue testing?

Explanation:
When a load balancer sits in front of multiple backend servers, it can hide the individual weaknesses of each server by routing probes through its own distribution logic. To continue testing effectively, test the actual machines behind the balancer rather than the front-end endpoint. By directing probes at the real IP addresses of the backend servers, you gain direct visibility into the security posture of each host, unfiltered by the balancer's distribution rules. This keeps testing accurate and focused on the true attack surface, rather than depending on what the balancer happens to expose or conceal about the backends.

This is preferable to disabling the balancer, increasing the probe rate, or probing DNS round-robin endpoints: those options can be disruptive, violate scope, or still route through the balancer and miss server-specific issues. Focusing on the backend hosts aligns with evaluating the real vulnerabilities present on each server, assuming you have authorization to do so.

