Some answers (Score 3, Informative)

Hi guys, We've put together a FAQ that offers answers to most questions raised. Simply google "CrowdSec FAQ" and topics like poisoning, IPV4 NAT issues, GDPR, License, Consensus engine, Monetization, and much more are addressed. The global concept has been thought through and developed by people with years of experience in pentests, defensive security, and open-source (NAXSI, PHP MF, Snuffleu Paggus, etc.). That doesn't mean we thought about everything, but let's say we know the classical pitfalls. At its core, it's a sort of modern, on steroid 2021 Fail2ban. The sharing of IP spotted as malevolent is curated in a central way before being redistributed to the users (for free). This curation process is made to avoid FP, poisoning, and detect low noise signals. (Like IP banding together but not being super aggressive individually). It's decoupled (detect here, remedy there), IPV6 ready, fast (60x faster than F2B) and uses simple grammar to make it accessible to the greatest number. As for the IP you want to ban (like Tor exit nodes or VPNs), this is already doable by many soft. The online back office, coming soon, will allow you to customize what IP groups and what behavior you want to stop, based on their global rep (like A.B.C.D is known to do credit card stuffing, stop it if in a payment tunnel of a webshop). What we advise though is not to "block" on your RP or FW, but rather use bouncers dealing with higher layers. ie if you try to secure an HTTP app, send a captcha rather than drop the connexion. (Always use the minimum necessary remediation.) That being said, we're equally proud and scared to be featured on slashdot. So if you have questions beyond those treated in the FAQ, feel free to ask. We also have a Discourse & Gitter if you feel like crashing by. Philippe