A security company wants you to DDoS its servers

“There is no such thing as bad publicity except your own obituary” - Brendan Behan. Ypigsfly, a company describing itself as a group of seasoned veterans of the Internet network infrastructure business, has just launched Killthisbox.com, a DDoS challenge enticing you to knock down the site for 15 minutes in exchange for a fifty dollar gift certificate from the well-known geeky outlet ThinkGeek.

Are the folks behind this challenge really trying to test their new DDoS protection system, or is this a case of a guerrilla marketing approach aiming to promote the DDoS mitigation services of the company by creating controversy?

Considering the non-technical description of the contest, as well as the lack of a detailed explanation of what constitutes “knocking them off the Internet”, I think it’s a marketing campaign that would inevitably attract negative publicity. Perhaps with reason, since the challenge encourages others to build DDoS capacity, or learn how to, in exchange for a rather modest reward.

Moreover, none of the eventual participants would be able to imitate a realistic DDoS attack on target.killthisbox.com and knock it offline, unless of course they are real botnet masters, who I doubt would waste their botnet’s bandwidth in order to participate in the challenge. And even if the company’s objective is to gather realistic data on the DDoS threatscape, having end users try to DDoS you wouldn’t provide the company with a realistic picture, and would also put those end users in the position of attackers abusing their network’s resources if they are detected and approached by their ISP.

These are the rules of the DDoS challenge:

“1. Register a day and time of your attack along with your Handle and unique password
2. Try and knock this site off the Internet for 15 minutes, anyway you can
3. If you can, email us with your handle and unique password, name and address and we will send you your prize
4. No we are not trying to find out who you are and send the Authorities to your house, we are just testing a DDOS defense system”

Going through the real-time attack stats, you’ll see end users doing nothing else but getting themselves in trouble, at least so far. I wonder whether their upstream provider, Peer 1 Network Inc, is even aware of the competition, and what its Network Operations Center’s take on it is.

