Dictionary Based Blocking - tracking and blocking #3221
Comments
|
@Athanasius: Thanks for opening an issue, it is currently awaiting triage. In the meantime, you can:
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
|
@Athanasius: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
|
/kind feature Why did having that in the initial issue fail ? |
Athanasius
changed the title
What would you like to be added?
/kind feature
I've just skim-read through https://www.flux.utah.edu/paper/singh-nsdi24 (no pay wall, click for the PDF) and it seems like something that would be useful to implement as part of crowdsec.
Why is this needed?
Given the claimed better blocking and lower false positive rates claimed, versus fail2ban, this would probably also improve crowdsec.
Obviously the paper is specifically about SSH, but the general technique should be applicable to any other scenarios where there's source IPs and target usernames (or other unique data being as part of an attempt).
The text was updated successfully, but these errors were encountered: