pucherot / Pi.Alert

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
GNU General Public License v3.0

Removed devices are added again on the next scan after removing #140

Closed AlbertCaro closed 2 years ago

AlbertCaro commented 2 years ago

I had the same problem as issue #15, and I followed that solution, adding the parameter SCAN_SUBNETS='192.168.100.0/24' to my pialert.conf.

Well, I started to remove the devices from Docker networks and others that don't interest me; after removing some of them, the next scan ended up adding the same number of devices again.

There's a video of the issue on YouTube: https://www.youtube.com/watch?v=7-jshMSbBk0

In that video I start to delete devices, and at minute 3:12 our bug appears.

If it helps, my pialert.conf looks like this:

#-------------------------------------------------------------------------------
#  Pi.Alert
#  Open Source Network Guard / WIFI & LAN intrusion detector 
#
#  pialert.conf - Back module. Configuration file
#-------------------------------------------------------------------------------
#  Puche 2021        pi.alert.application@gmail.com        GNU GPLv3
#-------------------------------------------------------------------------------

PIALERT_PATH      = '/home/pi/pialert'
DB_PATH           = PIALERT_PATH + '/db/pialert.db'
LOG_PATH          = PIALERT_PATH + '/log'
VENDORS_DB        = '/usr/share/arp-scan/ieee-oui.txt'
PRINT_LOG         = False

SMTP_SERVER       = 'smtp.gmail.com'
SMTP_PORT         = 587
SMTP_USER         = 'example@gmail.com'
SMTP_PASS         = ''

REPORT_MAIL       = True
REPORT_FROM       = 'Pi.Alert <' + SMTP_USER +'>'
REPORT_TO         = 'example@gmail.com'
REPORT_DEVICE_URL = 'http://caronavarro.pi/pialert/deviceDetails.php?mac='

# QUERY_MYIP_SERVER = 'https://diagnostic.opendns.com/myip'
QUERY_MYIP_SERVER = 'http://ipv4.icanhazip.com'
DDNS_ACTIVE       = False
DDNS_DOMAIN       = 'your_domain.freeddns.org'
DDNS_USER         = 'dynu_user'
DDNS_PASSWORD     = 'A0000000B0000000C0000000D0000000'
DDNS_UPDATE_URL   = 'https://api.dynu.com/nic/update?'

PIHOLE_ACTIVE     = True
PIHOLE_DB         = '/etc/pihole/pihole-FTL.db'
DHCP_ACTIVE       = True
DHCP_LEASES       = '/etc/pihole/dhcp.leases'

# arp-scan options & samples
#
# Scan local network (default)
# SCAN_SUBNETS    = '--localnet'
#
# Scan two subnets
# SCAN_SUBNETS    = '192.168.11.0/24 192.168.144.0/24'
#
# Scan using interface eth0
# SCAN_SUBNETS    = '--localnet --interface=eth0'

SCAN_SUBNETS      = '192.168.100.0/24'

I would greatly appreciate your help.

AlbertCaro commented 2 years ago

Finally, I found the solution to this issue:

PiHole's integration, which uses the pihole FTL database, ignores the subnets filter and gets the list of all the devices that have used the DNS. Set PIHOLE_ACTIVE to False if you have the same issue.
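The last comment describes devices imported from a second source bypassing the SCAN_SUBNETS filter. The following is an added example, not Pi.Alert's code and not part of the thread: it parses a SCAN_SUBNETS value in the forms shown in the posted pialert.conf and splits a device list into in-scope and out-of-scope entries. The function names and the sample rows are assumptions constructed for illustration.

```python
import ipaddress

def parse_scan_subnets(value):
    """Return the CIDR networks named in a SCAN_SUBNETS string.

    arp-scan options such as '--localnet' or '--interface=eth0' are skipped.
    """
    networks = []
    for token in value.split():
        if token.startswith("-"):
            continue
        networks.append(ipaddress.ip_network(token, strict=False))
    return networks

def split_by_scope(devices, networks):
    """Split (mac, ip) rows into (inside, outside) relative to the networks.

    Rows whose IP cannot be parsed count as outside. With no explicit
    networks there is nothing to filter on, so every row is kept.
    """
    if not networks:
        return list(devices), []
    inside, outside = [], []
    for mac, ip in devices:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            outside.append((mac, ip))
            continue
        target = inside if any(addr in net for net in networks) else outside
        target.append((mac, ip))
    return inside, outside

# Constructed sample rows standing in for devices imported from a source
# other than the ARP scan; MAC and IP values are made up.
SAMPLE_DEVICES = [
    ("aa:bb:cc:00:00:01", "192.168.100.10"),
    ("aa:bb:cc:00:00:02", "192.168.100.254"),
    ("02:42:ac:11:00:02", "172.17.0.2"),   # typical Docker bridge address
    ("02:42:ac:12:00:03", "172.18.0.3"),
    ("aa:bb:cc:00:00:05", ""),              # no IP recorded
]

if __name__ == "__main__":
    nets = parse_scan_subnets("192.168.100.0/24")
    kept, dropped = split_by_scope(SAMPLE_DEVICES, nets)
    print("in scope:", kept)
    print("out of scope:", dropped)
```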