Hi there,

I received a request from a colleague to run some vulnerability scans on a public-facing box he's about to go live with. He is 100% willing to write me a formal letter of request to perform the scans, and specify the extent of the testing authorized. However, I'm wondering what the best practice is when doing this over from residential ISP. Are there friendly cloud/VPS providers you'd suggest? Is this type of thing allowed by ISPs without violating the ToS? My fear is that I'll start some basic scanning and have my internet access shut off, and have it take a while to sort out by presenting the proper authorization documents to the ISP. Any help is appreciated!

I agree with m0wgli. Most of the providers have a "compliance with all laws" part in their ToS which basically says that you have to take care of all applicable laws and regulations from the country of your provider and your country. So your best bet would be to ask your provider directly.

You might want to also check if they block any traffic on their residential connections (you may not get an entirely honest answer here though).

For example, an ISP may only allow 80 and 443 inbound for business accounts. Was a service not vulnerable to an exploit, or did your reverse shell fail because that traffic was silently blocked by your ISP?

If you don't want to go the business account route, check out http://www.arpnetworks.com/ for an affordable VPS.

I really am not a fan of VNC for any systems I am storing sensitive data on ...

I do like their prices though, am currently using https://www.linode.com/ 1024 w/backup now and that winds up running me about $15 more a month than arpnetworks. I've been very happy with their service but this discussion prompted me to look for some other cheaper options. I used the hackingmachines BT5 VPS for awhile and am technically still a customer but theres no management and its really expensive.

I've got the same without back up. one thing I have been really impressed with is their security responses. I've had a few automated SSH Brute force attacks hit my server from other linode customers. They have been very prompt to respond.

VNC is used for out-of-band management, so you can get into the BIOS, etc. As I mentioned before, you can tunnel that over SSH.

Whether you install the OS yourself, or go with one of their default builds, you can install whatever software you want and use that. You're not required to use VNC for remote administration.