a little question:
I am using crowdsec on windows, and I like the product
I do not know if it is good for the goal of IpFire, but is their a way to integrate it ? or it is not the goal
thanks in advance for your answer
At a first glance reading Crowdsec seems to do the same job as IPFire’s IPBlockLists. The origin of these are, IMO, more trustful. A crowd solution may be not as maintained as the lists IPFire uses.
A lot of the ipblocklists that crowdsec have require a payment. The free ones require a sign-up to be able to access them. If that is always needfed, then the source could not be tied in to IPFire as we could not provide the sign on information.
Also looking at the collection of free lists, all except one are third party lists, ie ones from other sources and not from crowdsec.
https://app.crowdsec.net/blocklists/search?pricingTiers=%5B%22free%22%5D&page=2
So crowdsec are just acting as a forwarder of the third party url but getting your sign on details.
The only free list they provide directly from themselves is “CrowdSec CVE-2024-4577” which is a list of IP’s that are trying to utilise that CVE vulnerability.
It seems to me better to fix the vulnerability rather than find all IP’s trying to use it.
The vulnerability has no impact on IPFire itself as that CVE is related to a PHP vulnerability. PHP was removed from IPFire in Core Update 118, back in 2018.
If you have PHP on one of your web servers on a machine on your network, it would make better sense to updated to at least PHP-8.3.8 which had a fix applied for the vulnerability.
3 Likes
thanks for sharing your thoughts !