Monday, August 8, 2011

Barrett Lyon on DDoS and How to Use Squid to Stop It


In the world of Information Security, especially DDoS, Barrett Lyon is no stranger. Barrett was one of the co-founders of Prolexic (a company that specializes in DDoS Protection).  Barrett recently launched a new venture, called 3Crowd.
What intrigued me is how I could possibly have overlooked a post by Barrett on his blog regarding DDoS. Although he writes a lot about security, this mini-tutorial is worth looking into.
The latter is okay, but the Squid proxy tutorial is something worthwhile for newbies to look into: how a Squid proxy can really deflate a lot of the attack traffic, not to mention that most providers such as Prolexic, Gigenet, Staminus, etc. use Snort and FreeBSD-based boxes running PF (Packet Filter). A FreeBSD box running PF can scale quite well and is very good at thwarting traffic. A lot of new small service providers are popping up; using a distributed FreeBSD setup, they are able to break up the incoming traffic and filter it to quite a significant extent, and then pass the traffic on to a secure (read: optimized for anti-DDoS efforts) Squid box, which deflates the incoming DDoS attack to a very large extent.
However, as with everything else in life, no one will provide you with the complete recipe that works for DDoS protection.