Window Block Decision Activated but Not Working
I am currently testing CrowdSec’s capabilities and have noticed that the blocking mechanism does not seem to be functioning as expected.
Specifically, I attempted a brute-force attack on a Windows target. After running cscli.exe decisions list, the bouncer should have successfully banned the source IP. However, we are still able to initiate RDP sessions from the source to the Windows Server.
Has anyone encountered this issue before? What steps can we take to diagnose and resolve it?
Thank you for your support.
Specifically, I attempted a brute-force attack on a Windows target. After running cscli.exe decisions list, the bouncer should have successfully banned the source IP. However, we are still able to initiate RDP sessions from the source to the Windows Server.
Has anyone encountered this issue before? What steps can we take to diagnose and resolve it?
Thank you for your support.
