Dumb Ideas in Pentesting

Today’s SANS Diary reminded me of something that happened a while back.
The SANS entry New Risks in Penetration Testing was concerned that the reputation score of an IP address could be affected by pen testing from that address. I guess someone is taking the old Senderbase concept and applying it to all traffic.
The helpdesk received an issue a while back about an inability to communicate with a government website. After checking it out, it looked like they were blocking our external IP. We communicated with the government people and confirmed that their ISS IPS appliance had automatically blocked our IP because we were attacking them. I checked the logs and found that one of our people who pentests for a living had done some probing of XSS on a WordPress blog hosted on the government site. I turned that over to someone else to find out if he had authorization to be doing such.
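The log check described above, attributing traffic toward a blocked external address back to an internal workstation, is the kind of thing a helpdesk or security team ends up doing by hand. Here is an added example of that check (not code from the original post): it assumes a proxy- or NAT-style egress log in a constructed `timestamp src= dst= url=` format, reports which internal hosts talked to the external address, and counts requests whose decoded URL carries common reflected-XSS probe markers, so the question "who was poking at that site, and were they authorized?" can be answered from the logs rather than from the other side's IPS alert.

```python
"""Attribute egress traffic to an external host back to internal machines.

Added example, not from the original post. It assumes a proxy/NAT-style
egress log with the (constructed) line format:
    <ISO timestamp> src=<internal ip> dst=<external ip> url=<requested url>
and flags requests whose URL carries common XSS probe markers, so an
outbound address that got blocked remotely can be traced to the source.
"""
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample log lines. The destination addresses are RFC 5737
# documentation ranges, placeholders for the blocked government site.
SAMPLE_LOG = """\
2023-03-01T09:12:01 src=10.1.2.33 dst=203.0.113.10 url=http://203.0.113.10/blog/
2023-03-01T09:12:07 src=10.1.2.33 dst=203.0.113.10 url=http://203.0.113.10/blog/?s=%3Cscript%3Ealert(1)%3C/script%3E
2023-03-01T09:12:09 src=10.1.2.33 dst=203.0.113.10 url=http://203.0.113.10/blog/?s=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E
2023-03-01T09:13:40 src=10.1.5.8 dst=203.0.113.10 url=http://203.0.113.10/forms/permit.pdf
2023-03-01T09:14:02 src=10.1.2.33 dst=198.51.100.7 url=http://198.51.100.7/
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) url=(?P<url>\S+)$"
)

# Markers typical of reflected-XSS probing, matched against the
# URL-decoded, lower-cased request so percent-encoding does not hide them.
XSS_MARKERS = ("<script", "onerror=", "onload=", "javascript:", "alert(")


def parse_log(text):
    """Yield a dict per well-formed line; silently skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def looks_like_xss_probe(url):
    """True if the decoded URL contains a common XSS probe marker."""
    decoded = unquote(url).lower()
    return any(marker in decoded for marker in XSS_MARKERS)


def attribute_traffic(text, external_ip):
    """Map each internal source that reached external_ip to its request
    count, probe-like request count and first-seen timestamp."""
    report = defaultdict(
        lambda: {"requests": 0, "probes": 0, "first_seen": None}
    )
    for rec in parse_log(text):
        if rec["dst"] != external_ip:
            continue
        entry = report[rec["src"]]
        entry["requests"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = rec["ts"]
        if looks_like_xss_probe(rec["url"]):
            entry["probes"] += 1
    return dict(report)


if __name__ == "__main__":
    for src, info in attribute_traffic(SAMPLE_LOG, "203.0.113.10").items():
        flag = "  <-- probe-like traffic, confirm authorization" if info["probes"] else ""
        print(
            f"{src}: {info['requests']} requests, {info['probes']} probe-like, "
            f"first seen {info['first_seen']}{flag}"
        )
```

On the constructed sample this singles out 10.1.2.33 as the host that sent the XSS-looking requests while 10.1.5.8 only fetched a PDF; the marker list is deliberately short and would be tuned to whatever the remote IPS actually reported.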
Probing other companies from your company's main IP address is not such a good idea.