Email alerts: when they are sent, and when repeated detections are silenced

Started by Rod

How do WiFi Guard email alerts work? When are they sent? When are they ignored? Does it send email alerts about the same device after the first detection?

From the changelog for v2.1.3: "Improved: prevention of sending repeated identical e-mail alerts."
SoftPerfect Support forum - Ann avatar image
Ann

Re: Email alerts: when they are sent, and when repeated detections are silenced   13 August 2021, 16:09

It should not be sending identical alerts. In the current implementation it works like this, for example:
  1. WiFi Guard finds a new MAC address 00:11:22:33:44:55, it sends an e-mail.
  2. The next scanning round it finds the same address 00:11:22:33:44:55, it does NOT not send an e-mail.
  3. The next scanning round it finds the same address 00:11:22:33:44:55 and a new one AA:BB:CC:DD:EE:FF, it sends an e-mail.
  4. The next scanning round it finds only the first address 00:11:22:33:44:55, it sends an e-mail (because the total detection not identical to the last round where it found two MAC addresses)
Basically whenever the set of unidentified MAC addresses changes following a scan, WiFi Guard will send an email. This may not be ideal in situations where MAC addresses come and go, as there still will be a number of emails sent. But this should not generally be an issue or inconvenience, as when WiFi Guard alerts you about an unknown device, you would either mark it as known or act accordingly to bar it, e.g. change your WiFi password.

If I may ask, what exactly are you trying to achieve with WiFi Guard? There may be a better way to do it.
Thanks for the reply. In this particular case there was no second unidentified device. This should mean the email alert should not have been sent, which it was.

If one is watching emails and immediately connects to the WiFi Guard computer to mark the unknown device then yes duplicates are not a problem, but I have WiFi Guard set to 5 minutes between scans, so even if I see the first email it's possible to get a second before I've connected to the remote computer and told WiFi Guard to not alert for it. And I have to sleep occasionally, so I've woke to literally hundreds of duplicate alerts on many occasions. A greater interval between scans means a lower probability of capturing the rogue device, unless they're repeatedly attempting to connect.

Changing the WiFi password is far from my first option since many managers use it, and password crackers are readily available anyway. I also have MAC filtering enabled, and with the NetGEAR wireless routers configured as APs it forwards the DHCP request through before checking the MAC allowed list. This means the unknown device is blocked, but I get the notice so I know unauthorized devices are trying to connect. It's one of the ways I have been able to defend the security position that just a password isn't enough. For example, when someone claims that we're a small town so such security is not needed.

There are other ways to achieve 2-factor authentication (what you know, a password; and what you have, like an IP address or a MAC address) than MAC filtering, and we will be migrating to this sometime in the future. It's been in the works for about a year now. It will be username and password authentication (both unique to the user, but they don't change) plus a one-time (for the duration of their session) security code emailed or SMS'ed to the registered user. Much stronger than MAC filtering.

So really WiFi Guard is a temporary solution for us, but it is still worth eliminating the duplicate alerts.
SoftPerfect Support forum - Ann avatar image
Ann

Re: Email alerts: when they are sent, and when repeated detections are silenced   13 August 2021, 16:18

I guess we could change the code, so that instead it would keep the status of each MAC address like this:
00:11:22:33:44:55 "EMAIL-SENT"
AA:BB:CC:DD:EE:FF "NOT-SENT"

So after sending an email with that MAC address it would be marked as "EMAIL-SENT", and this MAC address would never be emailed in the future even if detected again. This however can lead to a case where a user may not understand why their e-mail notifications are on, but e-mails are not sent when unknown addresses are found.

Or may be the best of both worlds, add an option at the E-mail tab in the Settings, something like "Only e-mail each unidentified MAC address once". So when it is enabled, after sending an email, WiFi Guard could set their status to "EMAIL-SENT" and not email alerts about them again.

What do you think?
I think the way it's stated in the 2.1.3 changelog is best. One email, then nothing (regardless of whether it's identified in WiFi Guard or not). It wouldn't hurt to have a check-box in case someone doesn't want this option.
SoftPerfect Support forum - Ann avatar image
Ann

Re: Email alerts: when they are sent, and when repeated detections are silenced   13 August 2021, 16:33

We have just added a new setting that may give you the behaviour you want. Please download the latest build, open Settings - E-mail tab, and enable Email unidentified MAC addresses only once.

WiFi Guard will email one alert about each unidentified MAC address. Once the e-mail has been sent successfully, all MAC addresses listed in it will be marked as 'emailed' and not affect the alerts after that.

SoftPerfect support forum

Reply to this topic

Sometimes you can find a solution faster if you try the forum search, have a look at the knowledge base, or check the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • Write in English. If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

  *******   **      **  **         **     **  **    ** 
 **     **  **  **  **  **    **   **     **  **   **  
 **         **  **  **  **    **   **     **  **  **   
 ********   **  **  **  **    **   **     **  *****    
 **     **  **  **  **  *********   **   **   **  **   
 **     **  **  **  **        **     ** **    **   **  
  *******    ***  ***         **      ***     **    ** 

Message: