penetration test – How to perform external network scans that will not cause DoS?

Some industrial control systems (ICS) are known to be very sensitive and easily disrupted by uncommon probes. I think that even in a black box scenario you are entitled to ask what type of environment you are expected to test (at least get a rough idea). If availability is an issue, then it is crucial to establish a line of contact with your customer to address possible emergency situations should they arise.

To avoid DDoSing, the most obvious is of course not to flood the network with millions of packets. That should not be necessary anyway, unless you are probing the /8 network of a big corporation.

Then, understand what you are doing. If for example you are using nmap with default options, figure out what it does and does not do, how many packets are issued per second and how they are crafted. The documentation is there for you, and you can also do simulations and analyze the resulting network traffic with tools like Wireshark.

That being said, even if you generate unusual traffic it is quite unlikely that your actions will crash remote services. If you send tons of traffic, that’s another story: your actions may cause temporary unavailability, but not necessarily a crash.

Last but not least: if you are a professional pentester, you should maybe purchase insurance to cover professional risk and unforeseen damages (it can also provide reassurance to prospective clients).
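The "simulate first and measure" step of the answer above can be made concrete. What follows is an added example, not part of the original answer: a small Python script that reads a `tcpdump -n -tt` style trace of a rehearsal scan (the sample lines are constructed, not a real capture), counts the probes the scanner sent to each target per second, and reports any second in which a target received more probes than an agreed per-host budget. The scanner address, the budget and the trace format are assumptions for illustration; the idea is that you run the scan against a lab host or a single agreed target, capture it, and check the real rate before touching a sensitive network.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -tt` output (not a real capture).
# A scanner at 10.0.0.5 sends SYN probes; 10.0.0.7 receives a burst of four
# within one second, 10.0.0.8 receives a single probe. One line is a reply.
SAMPLE_TRACE = """\
1700000000.100 IP 10.0.0.5.40001 > 10.0.0.7.502: Flags [S], seq 1, win 1024, length 0
1700000000.150 IP 10.0.0.5.40002 > 10.0.0.7.102: Flags [S], seq 1, win 1024, length 0
1700000000.200 IP 10.0.0.5.40003 > 10.0.0.7.80: Flags [S], seq 1, win 1024, length 0
1700000000.250 IP 10.0.0.5.40004 > 10.0.0.7.443: Flags [S], seq 1, win 1024, length 0
1700000000.300 IP 10.0.0.7.502 > 10.0.0.5.40001: Flags [S.], seq 0, ack 2, win 0, length 0
1700000001.100 IP 10.0.0.5.40005 > 10.0.0.8.502: Flags [S], seq 1, win 1024, length 0
1700000002.100 IP 10.0.0.5.40006 > 10.0.0.7.22: Flags [S], seq 1, win 1024, length 0
"""

# Epoch timestamp, then "IP src.sport > dst.dport:" as tcpdump prints it with -n -tt.
LINE_RE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > (?P<dst>\d+(?:\.\d+){3})\.\d+:"
)


def probe_rate(trace, scanner_ip, budget_pps):
    """Count outbound probes per destination per second and flag budget overruns.

    Only packets whose source is scanner_ip are counted, so replies from the
    targets do not inflate the numbers. Returns a dict with the total number of
    probes, the peak per-second rate seen for each destination, and a sorted
    list of (destination, second, count) tuples that exceeded budget_pps.
    """
    per_dst_second = defaultdict(lambda: defaultdict(int))
    total = 0
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m or m["src"] != scanner_ip:
            continue  # unparseable line or a reply from a target
        per_dst_second[m["dst"]][int(m["ts"])] += 1
        total += 1

    peak = {dst: max(counts.values()) for dst, counts in per_dst_second.items()}
    violations = sorted(
        (dst, second, n)
        for dst, counts in per_dst_second.items()
        for second, n in counts.items()
        if n > budget_pps
    )
    return {"probes_total": total, "peak_pps": peak, "violations": violations}


def report(trace, scanner_ip, budget_pps):
    """Human-readable summary for a rehearsal run."""
    r = probe_rate(trace, scanner_ip, budget_pps)
    lines = [f"{r['probes_total']} probes sent by {scanner_ip}"]
    for dst, pps in sorted(r["peak_pps"].items()):
        lines.append(f"  {dst}: peak {pps} probes/s")
    for dst, second, n in r["violations"]:
        lines.append(f"  OVER BUDGET: {dst} got {n} probes at t={second} (budget {budget_pps}/s)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Budget of 2 probes/s per host is an assumed figure for the example.
    print(report(SAMPLE_TRACE, "10.0.0.5", budget_pps=2))
```

Feed it a real capture with `tcpdump -n -tt -i <iface> 'src host <scanner>' > trace.txt` during a test run against a lab system, and compare the peak figures with what you expected from the scanner's documentation; if they differ, adjust the scanner's rate options and repeat before the engagement proper.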