CrowdSec Support / Update and block (externally provided) IP-Lists
CrowdSec is a open source security tool, which can detect and block aggresive/malicious IPs, comparable to fail2ban. Since there no comparable feature yet coming with the omada gateways, having an interface for crowdsec would be great. In gerneral, a possibility to block/drop IPs coming from externally provided IP lists would be awesome.
Is there a chance to have an interface for crowdsec at the omada routers? Or is there a possibility to commit/update IP addresses to be dropped by the gateways via CLI?
Many thanks in advance.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @S-K
Thanks for posting in our business forum.
We don't consider open-source tools being installed in the Omada system. I am aware of the system we use is based on Linux. But we cannot add tools that may add a security concern to our business partners.
Hope you can understand.
Thanks for your suggestions and feedback.
- Copy Link
- Report Inappropriate Content
@Clive_A I don't aim to have a crowdsec installation in the Omada system. I think of a connector which is able to get a set of IPs from crodsec. And then use them for example in a gateway-ACL for being blocked. At the moment the gateway itself is able to detect a handfull of possible attack patterns and the hardware won't be able to run a mature intrusion detection system. But recieving the results of an ids and blocking them at the omada gateway would be a great chance to enhance security.
Do you know whether I could achieve this (edit/update an IP Group with a huge amount of IP Addresses, about > 30.000) with CLI commands?
- Copy Link
- Report Inappropriate Content
Hi @S-K
Thanks for posting in our business forum.
S-K wrote
@Clive_A I don't aim to have a crowdsec installation in the Omada system. I think of a connector which is able to get a set of IPs from crodsec. And then use them for example in a gateway-ACL for being blocked. At the moment the gateway itself is able to detect a handfull of possible attack patterns and the hardware won't be able to run a mature intrusion detection system. But recieving the results of an ids and blocking them at the omada gateway would be a great chance to enhance security.
Do you know whether I could achieve this (edit/update an IP Group with a huge amount of IP Addresses, about > 30.000) with CLI commands?
No. The router is not capable of adding 30,000 IP addresses to the block list. I mean each IP address, e.g. 1.2.3.4/32 an 30,000 of them.
Note that if we need to add this kind of feature to allow you to add many of IP addresses, it is not only about the connector to their server via API stuff to sync with them. (This might be easy if the memory is enough for this. But there will be new features for the Omada routers. We need to save space for future features as well as data storage.)
And we have to optimize the system for the amount of IP addresses that will be added to the system.
If that's your use case, you probably should take a look at the Deco system. It got an online sync with the security database which offers you a way to protect your network via the paid subscription.
Omada does not support any database or we plan to add any database. The best practice would be creating the CIDR to limit unwanted or harmful IP addresses. The system is a traditional pre-built one. It is not an open source like openwrt or pfsense where you can import whatever rules you want or install tools you like.
I have explained this to you and from the current situation this is a small-chance proposal. I have added this to the request pool but I am just letting you know that this is a small-chance.
- Copy Link
- Report Inappropriate Content
First of all, thanks for adding it to the request pool! A small chance is better than no chance.
I understand that you have to take account of memory, but this is just a matter of scaling, not an argument for not implementig such a feature. The more IP addresses, the more memory needed. This connotes: the less memory, the less IP addresses allows. It could be as simple as this. Regarding low performance and limited memory, blocking IP adresses or adress ranges is highly efficient.
CrowdSec is just one idea of enhancing network security. If it is n't welcome to support a specific product, I would also be content with a possibility to import whatever blocklist. There are so many blocklists, spamhaus, firehol, ... Memory considerations would be the same, but there wouldn't be any API stuff. Just a simple file download.
I absolutely cannot understand (no offense but my honest belieft) that you recommend a home networking product with paid subscription when your business product doens't come with a comparable security feature.
Nevertheless I am pretty aware that an Omada gateway on the cheap cannot be compared to a full featured firewall solution that costs a hundredfold.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 916
Replies: 4