How does denial of service work with crowdsec?

I have not seen clear information on how crowdsec handles a potential attack of denial of service by poisoning the network with false positives.

Can you help?


To understand how CrowdSec mitigates this, you will need an understanding of how the consensus engine that assesses received CTI works. To my knowledge there is not a whitepaper describing this yet, but there is (at least one) video on YouTube with our CEO Philippe describing how it works. He does so from around 8m10s.

Let me know if you have more questions.

I am asking because I am trying to get hestiacp (hosting panel) to look at switching from fail2ban to crowdsec, or at least consider it for the future.

The issue or wall that I am hitting all the time is the lack of documentation or a white paper, as you put it. For a project the size of hestiacp to support this feature, they require more information for it to be feasibly and seriously considered over a time-tested existing solution.

If they did end up supporting the feature, it would be a major part of the security of the whole hosting panel.

Thank you for responding


Thanks for your reply. Unfortunately it didn’t help me much in trying to understand exactly what you want and what you’re asking of us. Sure, integrating with hestiacp would be cool and we would love to help out. But how?

CrowdSec has basic support for cpanel in that it’s capable of parsing log files and detecting brute-force attacks, much like I assume fail2ban does today. I’m sure there are many other attack types CrowdSec could help mitigate on hestiacp. That is unfortunately a bit hard for me to tell without having any knowledge of how hestiacp works.

I would advise you to join our Discord, where it’s easier to have a real-time conversation on this. The link is at the top of every Discourse page unless you dismissed it. In that case it’s in the announcing post from when we started the Discord server a month ago.

Thanks for posting - looking forward to discussing this further.