December 8, 2023

CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet, using a server-side agent. It is a collaborative IPS tool: free, open source, and based on behaviour analysis for detection and curation.

The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

The founders believe that the crowd is the key to the mass hacking plague organizations are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately making it better and more secure. The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.

CrowdSec Workability

CrowdSec is written in Golang and was designed to run on modern, complex architectures such as clouds, lambdas, and containers, for both detection and remediation.

The tool uses leaky buckets internally to allow for tight event control. Scenarios are written in YAML to make them as simple and readable as possible without sacrificing granularity.
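To make the leaky-bucket idea concrete, here is an added, self-contained Go example (written for this page; it is not CrowdSec's own code and does not use its APIs). It models one bucket per source IP: each failed SSH login pours one event into that source's bucket, the bucket drains continuously at a fixed rate, and the scenario "triggers" when the level exceeds the capacity. The log lines are constructed samples with an RFC3339 timestamp prefix standing in for the syslog header; the capacity of 5 and leak rate of one event per 10 seconds are assumed values chosen for the illustration, not CrowdSec defaults.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// bucket is one per-source leaky bucket: the level rises by one per event
// and drains continuously at one event per leakEvery.
type bucket struct {
	level    float64
	lastSeen time.Time
}

// Detector keys buckets by source IP; an overflow is the scenario triggering.
type Detector struct {
	capacity  float64
	leakEvery time.Duration
	buckets   map[string]*bucket
}

func NewDetector(capacity int, leakEvery time.Duration) *Detector {
	return &Detector{capacity: float64(capacity), leakEvery: leakEvery, buckets: map[string]*bucket{}}
}

// Observe pours one event into the bucket for key at time at and reports
// whether the bucket overflowed. Events must be fed in chronological order.
func (d *Detector) Observe(key string, at time.Time) bool {
	b, ok := d.buckets[key]
	if !ok {
		b = &bucket{lastSeen: at}
		d.buckets[key] = b
	}
	// Drain whatever has leaked since the last event from this source.
	if elapsed := at.Sub(b.lastSeen); elapsed > 0 {
		b.level -= elapsed.Seconds() / d.leakEvery.Seconds()
		if b.level < 0 {
			b.level = 0
		}
	}
	b.lastSeen = at
	b.level++
	if b.level > d.capacity {
		// Empty the bucket so a fresh burst is needed before it fires again.
		b.level = 0
		return true
	}
	return false
}

// Alert records which source overflowed and when.
type Alert struct {
	IP string
	At time.Time
}

// Constructed sample log lines (not real traffic): one source hammers sshd,
// a second source fails twice half a minute apart and then logs in.
var SampleLines = []string{
	"2023-12-08T10:00:00Z sshd[4242]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
	"2023-12-08T10:00:01Z sshd[4243]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
	"2023-12-08T10:00:01Z sshd[4250]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
	"2023-12-08T10:00:02Z sshd[4244]: Failed password for root from 203.0.113.5 port 51236 ssh2",
	"2023-12-08T10:00:03Z sshd[4245]: Failed password for root from 203.0.113.5 port 51237 ssh2",
	"2023-12-08T10:00:04Z sshd[4246]: Failed password for invalid user test from 203.0.113.5 port 51238 ssh2",
	"2023-12-08T10:00:05Z sshd[4247]: Failed password for invalid user oracle from 203.0.113.5 port 51239 ssh2",
	"2023-12-08T10:00:31Z sshd[4251]: Failed password for alice from 198.51.100.7 port 40002 ssh2",
	"2023-12-08T10:00:40Z sshd[4252]: Accepted publickey for alice from 198.51.100.7 port 40003 ssh2",
}

// failedAuth is a hypothetical parser for the constructed line format above.
var failedAuth = regexp.MustCompile(`^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+`)

// RunScenario replays lines through the detector and returns every overflow.
func RunScenario(lines []string, capacity int, leakEvery time.Duration) []Alert {
	d := NewDetector(capacity, leakEvery)
	var alerts []Alert
	for _, line := range lines {
		m := failedAuth.FindStringSubmatch(line)
		if m == nil {
			continue // not a failed-auth event; the scenario ignores it
		}
		at, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue
		}
		if d.Observe(m[2], at) {
			alerts = append(alerts, Alert{IP: m[2], At: at})
		}
	}
	return alerts
}

func main() {
	for _, a := range RunScenario(SampleLines, 5, 10*time.Second) {
		fmt.Printf("ssh brute-force scenario triggered by %s at %s\n", a.IP, a.At.Format(time.RFC3339))
	}
}
```

With these parameters the noisy source overflows on its sixth failure (at 10:00:05Z), while the legitimate user's two failures thirty seconds apart drain away and never fire; the leak rate, not a fixed window, is what separates the two, which is the property that makes leaky buckets a good fit for tight event control.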

Aggressive IPs are dealt with using bouncers. The CrowdSec Hub offers ready-to-use data connectors, bouncers and scenarios to deter different attack classes. These bouncers can remedy threats in various ways.

CrowdSec bouncers can respond with measures such as a Captcha, limiting application rights, requiring multi-factor authentication, throttling queries, or activating Cloudflare's attack mode only when needed.

Crowdsourcing security

While the Crowdsec software currently looks like a spruced up Fail2Ban, the project’s goal is to leverage the power of the crowd to create a highly accurate IP reputation database. When CrowdSec bounces a specific IP, the triggered scenario and the timestamp are sent to our API to be checked and integrated into the global consensus of bad IPs.

The network already has sightings of 100,000+ IPs (refreshed daily) and is able to redistribute ~10% (10,000) of those to our community members. The project has also been designed to be GDPR compliant and privacy respectful, both in technical and legal terms.

Achieve security with behaviour assessment and remediation

