I received a request from a colleague to run some vulnerability scans on a public-facing box he's about to go live with. He is 100% willing to write me a formal letter of request to perform the scans, and specify the extent of the testing authorized. However, I'm wondering what the best practice is when doing this over from residential ISP. Are there friendly cloud/VPS providers you'd suggest? Is this type of thing allowed by ISPs without violating the ToS? My fear is that I'll start some basic scanning and have my internet access shut off, and have it take a while to sort out by presenting the proper authorization documents to the ISP. Any help is appreciated!