Something like that would be fairly trivial to do with CrowdSec. Currently there’s no support for WireGuard. This would require a log parser and a scenario which describes the two attacks in the article you point to. But, as I said, it would be fairly trivial. There’s an existing parser and scenario which detect portscans via kmesg in syslog. So doing the same with WireGuard and dyndbg would be easy enough. Actually, I had already been considering making this for WireGuard, but I was missing information about which attacks to look for as well as log samples. So I’ll probably give it a go within a week. Would you like to help out by being my guinea pig? That would save me the work of setting up a WireGuard server myself :-)
I just submitted a PR for WireGuard support. Feel free to try it out. I haven't been able to test it much. And yes, it's my first PR :-)