During a penetration test, if a Denial of Service (DoS) attack is not explicitly prohibited in the rules of engagement, it is permissible to conduct such a test without further confirmation from the client.
Even if the rules of engagement do not explicitly disallow certain tests such as Denial of Service (DoS) attacks, ethically and professionally, it is important for the penetration tester to seek explicit permission before conducting any tests that could disrupt the client's operations. Conducting such an invasive test without clear authorization could result in legal issues, client dissatisfaction, or unintended outages. Therefore, it is essential to have a clear agreement and understanding of what is permitted before proceeding.