Prison time is a bit of a stretch, considering we all do this legally with our get out of gaol free documents.
I had a severe talking to when I once accidentally mistyped an IP address range, and scanned a government installation rather than the small company I was meant to be auditing.
Nowadays I set my firewall every time I start a pentest - permit private IP ranges, and the IP range I am attacking, and nothing else. I can do most of the initial auditing stages (DNS, WHOIS, etc.) from another machine, and it makes sure I don't make that mistake again.