Monitor login attempts on your home WiFi

Coming and Going

Listing 4 then stores all the discovered MAC addresses in the persistent hash, %leases and maps them to the matching IP addresses and device names. It thus knows which devices existed on the previous run, and which have just been added since then. Line 27 then adds the new entries to the hash's persistent memory, and line 28 fires off the events defined in lines 42-57 with notify().

A similar script branch handles devices that existed in the previous run and which thus exist in %leases but are now missing in the current run. The volatile %found hash stores these. If a discrepancy is discovered, line 34 then sends a message stating that the device has disappeared.

The notify() function basically looks like the test script introduced in Listing 2. It uses the Prowl API key stored in $API_KEY at the start of the script and only adds the application name, the event type (joined or left), and the description, while it leaves the URL field empty.

Because my low-budget hosting service does not allow root access, I installed the CPAN modules required by the script locally in the home directory below perl5; cpanm does this automatically if it notices that it cannot manipulate /usr/lib because it is lacking the necessary permissions. But for the script to find the modules installed there, line 3 in Listing 4 needs to add this path explicitly using use lib.

No Invasion – Yet

It was very reassuring to see that the script only discovered known devices on my WiFi during the beta testing phase, but at least now I am perfectly prepared for a full-scale over-the-air attack. Another thing I noticed is that some devices suddenly connect to the WiFi network in the middle of the night, even though they are switched off and lying somewhere in the corner of the room, one example being my Kindle Paperwhite ebook reader, most likely checking for available software updates.

It would be fairly easy to improve the script to know which MAC address belonged to which device, which you could easily handle using a hash in lease-notify. The text messages would then use device names designed to reflect the situation on the home network, which would make them much easier to understand when received.

Acknowledgment

I thank my co-worker Tristan Horn, whose idea it was to display devices joining and leaving the home network on a phone, and he also wrote an application for this purpose that integrates the whole enchilada in a far more professional UniFi system [3].

Mike Schilli

Mike Schilli works as a software engineer in the San Francisco Bay Area. He can be contacted at mailto:mschilli@perlmeister.com. Mike's homepage can be found at http://perlmeister.com.

Infos

  1. Listings for this article: ftp://ftp.linux-magazine.com/pub/listings/magazine/186
  2. Prowl: http://www.prowlapp.com
  3. Connecting push notifications with a UniFi system: https://tris.net/software/unifi-logreader\

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Programming Snapshot – Power Outages

    A power failure can cause the IQ of a smart home to plummet suddenly. An emergency power supply and a script on the SmartThings platform can prevent a total outage and inform the owner. The polyglot Perlmeister embarks on a foray into the territory of the Groovy scripting language in this issue.

  • Dnsmasq

    Dnsmasq is a practical alternative for DNS on a small scale.

  • A Python script warns of failed login attempts

    A number of sensors and cameras send author Mike Schilli a short message if someone tampers with his apartment door. He has now applied this security principle to the SSH entrance of his Linux computer.

  • TECH TOOLS

    Professional users are always searching for an edge. Whether you work with Linux as a webmaster, programmer, system administrator, or security consultant, you know the best solution depends on finding the right tool for the job. We thought you might be interested in the following new products and updates.

  • Gaping Hole in DD-WRT: Router Software with Back Door

    The free router software DD-WRT opens in its version 24(SP1) a huge door due to a vulnerability in its HTTP daemon server.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News