Re: Providers blocking portscans - bad news for pentest?
From: "Maarten Hartsuijker" <subscriptions () hartsuijker com>
Date: Wed, 6 Jul 2005 21:23:25 +0200

Hmmm, I hope your ISP is not setting a trend over here in NL. So far,
fortunately, I have not noticed any portscan blocking at my ISP. Using
a low-tech ISP appears to have its advantages as well ;-)
Personally, I still don't know if I consider blocking based on port scans a
good or a bad thing. For instance: what would happen if someone decides to
spoof the IPs of a couple of subnet-neighbours while portscanning? Or the
IPs of the DHCP/DNS servers (I hope these are whitelisted)?
Maarten
There is another consequence of this development. If providers start
blocking suspect TCP/IP traffic then we will have to do our portscans from
an IP-address near to the Internet entry point of our customers. But
usually my customers don't have a free patch from where I could scan their
external firewall interface. Most often they use an ADSL connection
themselves to do their external portscans.
And what if providers start filtering TCP/IP traffic? Then portscans will
become very unreliable.
Maybe this is "old news" for most of you, but since I haven't seen a
discussion about this, I thought I should mention it.