Maarten Weyns
After obtaining his MSc degree in January of 2025, Maarten continues his research into DDoS botnets in a PhD position in the Cyber Security group at the Delft University of Technology. The research covers several topics, including malware analysis, monitoring live botnet activity, analyzing attack targets and investigating the attack tactics used. The research is performed under the supervision of Prof. Dr. Georgios Smaragdakis and Dr. Harm Griffioen.
Maarten is a published author at USENIX and has presented his work at several conferences, including Botconf and OneConference.
Session
Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to online services. The raw bandwidth and packet rate of DDoS attacks keep increasing, and attack methods keep adapting to new mitigation techniques. This results in a never-ending cat-and-mouse game between defenders and attackers.
In addition, the vast DDoS-for-Hire market makes it increasingly easy for new adversaries to enter the DDoS space. With just a few dollars and a few clicks, users can get hold of DDoS tools powerful enough to take down any target they like. Having multiple providers implies competition, each fighting to have the most attack power and get the most paying users. In order to measure the strength of their networks, DDoS-for-Hire providers abuse legitimate services as "trusted third parties" to get accurate measurements on performed DDoS attacks, called "Power Proofs". This raises the question: what is the impact of Power Proofs on the DDoS-for-Hire market?
In this talk, we present our findings concerning these DDoS Power Proofs. We show which services are abused by the community to create power proofs and how they use the results to build leaderboards. We investigate whether advertisements and claims are accurate, and analyze whether power proofs have an impact on the usage of DDoS networks. Our goal: investigating the impact of Power Proofs on the DDoS-for-Hire market.
During the presentation, we will show the data we collect concerning DDoS power proofs. We leverage self-reported statistics of DDoS-for-Hire providers, Telegram messages and DDoS test attack logs to get a "big picture" overview of the inner workings of the DDoS-for-Hire market. We also share a live dashboard showing live observations of DDoS test attacks.