crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License

Dictionary Based Blocking - tracking and blocking #3221

Open Athanasius opened 2 months ago

Athanasius commented 2 months ago

What would you like to be added?

/kind feature

I've just skim-read through https://www.flux.utah.edu/paper/singh-nsdi24 (no paywall, click for the PDF) and it seems like something that would be useful to implement as part of crowdsec.

Why is this needed?

Given the claimed better blocking and lower false positive rates, versus fail2ban, this would probably also improve crowdsec.

Obviously the paper is specifically about SSH, but the general technique should be applicable to any other scenarios where there are source IPs and target usernames (or other unique data being part of an attempt).

github-actions[bot] commented 2 months ago

@Athanasius: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 2 months ago

@Athanasius: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

Athanasius commented 2 months ago

/kind feature

Why did having that in the initial issue fail?