I'm all OS X. Let's get it fixed. I'll take a look at it if I get some time. Do you have a resource for these techniques? SANS SEC542 has some cool ideas of how to tackle this as well. In fact, I had planned on writing a module to do just this, so I'm pumped that you did it.
The DNS technique is pretty well known. As for the HTTP method, I read an article somewhere, can't remember, but then I found a tool that does both: LBD by Stefan Behte (http://ge.mine.nu/code/lbd). The TCP/IP header I heard about (and then tested it) in SANS560... or was it a friend of mine that did SANS540 and told me about it... man... I need some vitamins or something...
You make several requests, timing the response time, then check the time stamps to see if any of the responses were off of the expected timing pattern. If one or more responses is a little off on timing, it would show that a load balancer is in place.
I agree with you on the rest as well. I'm good with whatever works. I'll leave it up to you.