Is anyone familiar with the specific laws (in the US) regarding port scanning?
I'm very interested in testing the speed and accuracy of different port scanners on different operating systems. I have a lab with several physical boxes as well as VMware, but you just can't accurately simulate a large scale network with that (I'm talking 1000+ hosts).
The only time I really get to test enumeration tools on this kind of scale is when I'm actually on a paid pen testing job, but it's hard to really research and fine-tune the parameters when you're on the clock. I've had issues in the past with large networks (10000+ hosts) and scans not being as fast or accurate as I would like, but I obviously can't simulate this kind of network at home.
Although full port scans are most likely against the TOS of most ISPs, not to mention just plain rude - I am wondering if it is feasible (and/or legal) to do a small subset (maybe 5-10 ports) on blocks of IPs over the internet.