Testing port scanners on a large scale - legally
Is anyone familiar with the specific laws (in the US) regarding port scanning?
I'm very interested in testing the speed and accuracy of different port scanners on different operating systems. I have a lab with several physical boxes as well as VMware, but you just can't accurately simulate a large-scale network with that (I'm talking 1000+ hosts).
The only time I really get to test enumeration tools on this kind of scale is when I'm actually on a paid pen-testing job, but it's hard to really research and fine-tune the parameters when you're on the clock. I've had issues in the past with large networks (10000+ hosts) and scans not being as fast or accurate as I would like, but I obviously can't simulate this kind of network at home.
Although full port scans are most likely against the TOS of most ISPs, not to mention just plain rude, I am wondering if it is feasible (and/or legal) to do a small subset (maybe 5-10 ports) on blocks of IPs over the internet.