A security company wants you to DDoS its servers

"There is no such thing as bad publicity except your own obituary" - Brendan Behan. Ypigsfly, a company describing itself as a group of seasoned veterans of the Internet network infrastructure business, has just launched Killthisbox.com, a DDoS challenge enticing you to knock down the site for 15 minutes in exchange for a fifty dollar gift certificate from the well-known geeky outlet ThinkGeek.

Are the folks behind this challenge really trying to test their new DDoS protection system, or is this a case of a guerrilla marketing approach aiming to promote the DDoS mitigation services of the company by creating controversy?

Considering the non-technical description of the contest, as well as the lack of a detailed explanation of what constitutes "knocking them off the Internet", I think it's a marketing campaign that would inevitably attract negative publicity. Perhaps with reason, considering that the challenge, by offering a rather modest reward, encourages others to build DDoS capacity or learn how to do so.

Moreover, none of the eventual participants would be able to imitate a realistic DDoS attack on target.killthisbox.com and knock it offline, unless of course they are real botnet masters who I doubt would waste their botnet's bandwidth in order to participate in the challenge. And even if the company's objective is to gather realistic data on the DDoS threatscape, having end users trying to DDoS you wouldn't provide the company with a realistic picture, and will also put the end users into the position of attackers abusing their network's resources - if detected and approached by their ISP.

These are the rules of the DDoS challenge:

"1. Register a day and time of your attack along with your Handle and unique password
2. Try and knock this site off the Internet for 15 minutes, anyway you can
3. If you can, email us with your handle and unique password, name and address and we will send you your prize
4. No we are not trying to find out who you are and send the Authorities to your house, we are just testing a DDOS defense system"

Going through the real-time attack stats, you'll see end users doing nothing else but getting themselves in trouble, at least so far. I wonder whether their upstream provider, Peer 1 Network Inc, is even aware of the competition, and what their Network Operations Center's take on it is.

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
