Nmap running every 30 seconds

You beat me to it.

1 Like

GMTA sir. :slight_smile:

Sorry to the OP for completely derailing their thread.

I played with it in pfSense a long time ago when it was new, there were a lot of issues with notifications. arpwatch is a very old, but tried and true, tool for a lot of things.

I don't worry about using things like arpwatch, nmap, or the like on the "production" sides of my home "data center" because most of them won't work or would be too intensive (time and computing). When I do, I have to lax things up a bit to get anything worthwhile.

I tend to take a different approach than most people I think. I explicitly deny everything and anything except what I want and need. It's a lot of work up front, but only requires maintenance to do changes, and pretty much takes away any worry.

I don't play whack-a-mole because I don't want to, nor is it very effective.

My DHCP reservations are very tight to the point that I have to manually add anything new, this includes VMs. ((Example my printer vlan only has two usable addresses)). Lots of vlans. Next are my L2-L4 ACL explicit allows at the switch level (both inter-vlan and external). ((Again with the printer vlan - only certain devices can hit the IPs and one port needed to print and printers are kept internal only)). Then explicit allows at the in-line interior firewall and the border firewall/router for things to get to the Interwebs for things they must have. I top it off with multiple HIPS/NIPS and Geo-IP filters. I have a few blacklists (IP based), but they are really just a tin foil hat failsafe for when I have to open things up to troubleshoot.

I don't get a lot of (monitored) hits on the firewalls or IPSes because the traffic is so minimalized, but I also don't log much until I have to make a change or troubleshoot something.

This is all way overkill, but once the initial planning and configuration is done there isn't much to even bother monitoring regularly.

1 Like
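An added example, not code from any poster in this thread: one way to check a tight DHCP reservation list like the one described above against what is actually on the wire, in the spirit of arpwatch. It assumes Linux `ip neigh show` output; the reservation table, MAC addresses, interface name and sample lines are all constructed.

```python
import re

# Constructed reservation table (MAC -> reserved IP); values are made up.
RESERVATIONS = {
    "aa:bb:cc:00:00:01": "192.168.30.2",  # printer
    "aa:bb:cc:00:00:02": "192.168.30.3",  # print server
}

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.30.2 dev eth0.30 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.30.3 dev eth0.30 lladdr de:ad:be:ef:00:99 STALE
192.168.30.4 dev eth0.30 lladdr aa:bb:cc:00:00:02 REACHABLE
192.168.30.5 dev eth0.30  FAILED
192.168.30.6 dev eth0.30 lladdr 12:34:56:78:9A:BC STALE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\s+(?P<state>\S+)"
)

def parse_neigh(text):
    """Yield (ip, mac) for neighbor entries that resolved to a MAC address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        # FAILED/INCOMPLETE entries carry no usable link-layer address.
        if m and m.group("state") not in ("FAILED", "INCOMPLETE"):
            yield m.group("ip"), m.group("mac").lower()

def audit(neigh_text, reservations):
    """Return (finding, ip, mac) tuples for anything outside the reservations."""
    ip_owner = {ip: mac for mac, ip in reservations.items()}
    findings = []
    for ip, mac in parse_neigh(neigh_text):
        if mac not in reservations:
            # An unknown MAC sitting on a reserved IP is the more serious case.
            kind = "ip-claimed-by-unknown-mac" if ip in ip_owner else "unknown-device"
            findings.append((kind, ip, mac))
        elif reservations[mac] != ip:
            findings.append(("known-device-wrong-ip", ip, mac))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NEIGH, RESERVATIONS):
        print(*finding)
```

MAC addresses can be spoofed, so a clean result here complements the switch ACLs and firewall rules rather than replacing them.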

We always do this. LOL (and yeah, @soumya92, sorry for the hijacking)

As for the rest of your post, +1,000,000 upvotes.

1 Like

And I thought your nmap cron job was a bit much right? :joy:

1 Like

Corn job?! LMAO Is that some advanced *nix utility I've never heard of? :wink:

Haha, stupid phone got me. But yeah it is new, like the new Spaghetti Monster init system. :joy:

1 Like

systemd all the way baby... LOL Because who doesn't love symlinks in 15 different locations? :wink:

1 Like

Some kind of agricultural reference, I guess.

3 Likes

Would you mind posting your thoughts about the Fingbox after you have used it for a while? It sounds like something I would like to try...

1 Like

Absolutely.

2 Likes

I've had it for about 6 months now. Anything specific you want to know?

1 Like

I guess what I am most concerned about is that I am NOT a network engineer by any stretch, and I want to make sure my home network is fairly secure. I recently set up a VPN in my router and now I am even more paranoid! So do you think Fingbox would be good for somebody like me? Is there anything you think it can't do that should also be done? I've been through some "secure your router" instructions so hopefully everything is OK there, but at the very least I want to be sure only people/devices I know about are on my network. Hope this makes sense...I may not even be sure what I want :crazy_face:!

It does a lot of stuff that can be done by other tools but rolled up into one simple interface.

Some examples include

  • monitor network and notify for new devices that connected
  • monitor firewall for open ports
  • monitor network speeds and report daily on the latest test speeds
  • has wifi intrusion protection (not sure what this does as I have no alerts on it)

My network setup is using pfsense as my router and eero for my access points so I have visibility into a lot of that but it's not nicely bundled up.

You can also do things like restrict access to the internet from certain devices, like turning off your kids' internet during dinner time.

It also has IFTTT integration so you can integrate it into HE for network presence detection.

And finally you also get notifications if your network/fingbox goes offline (via their cloud service) so you can monitor the home network connection.

1 Like

@gavincampbell, thank you for the info, that is helpful. Do you know if you can use the Maker API to do presence notification from the Fingbox? So far I've not needed IFTTT for anything so would prefer not to have to use that.

@corerootedxb, would also appreciate your thoughts after you have used it, especially anything you think might be missing from a security standpoint.

Thanks all, appreciate the help!

I've been using Fing since before there was a FingBox. I bought my FingBox while they were still on KickStarter maybe 2 years ago. Love It!!!

1 Like

Unfortunately for that feature you will need IFTTT. They just added that recently. They don't have a local API. But like I said, there are other ways of doing most of these things without reliance on cloud services. This is one of them.

1 Like

Anyone here using a Pi for the purpose of an OpenVPN server via piVPN?
How is it working? Does a Pi have enough horsepower to handle that?

I had it running for a while on RPi3B. It wasn't too bad. Performance was acceptable, but nothing compared to a dedicated device. Honestly, I would scour eBay for a router that can run Merlin (or OpenTomato or DDWRT) and make that into a VPN server, you'll get a lot better performance.

But, for basic usage, a RPi will work a treat.

1 Like

Actually, I do run it on an Asus RT-AC88U (love those 8 ethernet connections at the back).

However, when I deliver a system to a client, since I'm using the RPI for the Google Assistant Relay, I thought I would also put on it PiVPN to allow a client to have OpenVPN access to his local Hubitat.

1 Like