Defending Reddit at Scale
Pratik Lotia, Spencer Koch
DEF CON 33 · Day 1 · Main Stage
In "Defending Reddit at Scale," Spencer Koch and Pratik Lotia, veteran security engineers from Reddit, pull back the curtain on the intricate strategies and architectural decisions behind protecting one of the internet's busiest platforms from distributed denial-of-service (DDoS) attacks and other malicious traffic. The talk delves into Reddit's sophisticated, multi-layered approach to rate limiting and traffic management, highlighting the challenges inherent in securing a service that processes 1.3 trillion requests and 175 petabytes of data weekly. This presentation is a crucial resource for security professionals grappling with high-volume web traffic, offering practical insights into signal collection, architectural patterns for defense in depth, and innovative resiliency techniques.
AI review
A genuinely useful war story from engineers who actually built the thing and are willing to show the seams — VCL snippets, the BigQuery pipeline, the slow-lane trick, header fingerprint collaboration with Fastly. Not groundbreaking research, but it's the kind of honest, transferable operational content that DEF CON's defender track exists for.