New Device Alert

Started by nmiller0113, July 15, 2017, 10:26:58 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 15, 2017, 10:26:58 AM
I recently moved from Untangle to opnsense.  Everything is running great but I cannot seem to figure out a good way to get alerts when new devices appear on my internal network(s).  I like to be aware of new connections so I know if someone new jumped on my wireless or connected to my LAN.  It's just for the sake of knowing and making sure it's legit and not some rogue device.  Untangle had an easy way of doing this, and I understand that opnsense is a completely different platform and I'm not necessarily looking for an as easy solution...just *a* solution...either using what's part of the platform by default or through the use of an additional features.  Either works for me, I just want to be able to get an email every time a device, not previously known or on the network, connects.  Thanks!
July 16, 2017, 02:47:43 AM #1
I could make this work for you, i have built a number of tool for pfsense and opnsense. 
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP
July 17, 2017, 08:14:43 PM #2
Awesome!  How hard would it be to create?
July 17, 2017, 08:39:39 PM #3 Last Edit: July 17, 2017, 08:41:53 PM by Micky
You could use a raspberry with nmap-skript, too. If unknown Clients were found you can send a pushover-message or mail ...

Gr. Micky
October 08, 2019, 05:43:04 PM #4
I know this is old, but has anyone come up with an easy solution? It would be really nice if it could use the dhcp static lease file as filter as well, so known devices don't get logged.
October 17, 2019, 05:09:35 PM #5
Hi,

is it to trivial or is there simply no solution to receive an email on new devices?

I would really appreciate a short feedback whether it is possible or not.

Thanks,

Mark
October 17, 2019, 06:02:19 PM #6
I don't know an easy way to make the DHCP server send an email for every new (!) lease. Would be interesting for other functions (IDS), too...

If you want to hand down IPs on your network manually (reserved for MAC) this can be done quite easily.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
October 17, 2019, 08:19:40 PM #7
You can try to install arpwatch via ports
October 22, 2019, 12:13:32 PM #8
Thank you.
Conclusion, with the standard opnsense release a new device alert is not possible.

Interesting fact as the first question from the GDPR guy was how we get notified on new devices.



October 22, 2019, 12:18:06 PM #9
What about new devices not using your gateway?

I would try switch port security and block unknown devices on access layer --> 802.1x.
New devices have to request a computer certificate in IT dept.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
October 22, 2019, 01:11:40 PM #10
Quote from: hbc on October 22, 2019, 12:18:06 PM
What about new devices not using your gateway?

I would try switch port security and block unknown devices on access layer --> 802.1x.
New devices have to request a computer certificate in IT dept.

Indeed a way better solution
January 03, 2022, 03:45:06 PM #11
Print
Go Up Pages1
User actions