How to kick an unknown device off my wifi?

I have my router setup as device_tracker.netgear, so I can detect when I’m home/away. It also fires a new_device event, which I’d like to set up an automation like so:

Send an Android notification to my phone prompting whether to allow or deny the new device on my network. If I select deny, I’d like to kick the device off the network and prevent it from reconnecting to it.

The problem is, I can’t figure out how to kick off/ban a device from my network. Which component should I use? Or do I need a custom script? Can someone provide me with an example setup that can accomplish this please?

I don’t think there is a native way to do this… the first thing that comes to mind is building a linux script than can launch a wifi de-authentication attack on an end device. But this gets messy and complex really quickly :slight_smile: Might be possible on a more enterprisey type wifi like ubiquiti unifi, but doubtful if you just have a dinky netgear wireless router.

That’s discouraging news, I for sure thought there’d be a way :frowning:

Though, there is some hope because PyNetgear (the module leveraged by the device_tracker.netgear component) has an open issue to add the feature of device blocking. See here. Though, even when that feature is implemented in PyNetgear someone would have to make changes to the Netgear device_tracker component to add the capability.

I guess the real question would be how are unknown devices connecting to your network in the first place?

I would assume if they don’t have a network password then they shouldn’t be on the network. If you don’t have a password set then you’re fighting an uphill battle keeping devices off your wifi. Especially if you live in a semi-populated location.

I’d ask the same question of how are unwanted people getting on your WiFi?

I’m no aware of a way to disconnect people but you can block their ability to use it.

Two scenarios come to mind:

  1. Renting out the house via Airbnb & similar platforms. Giving out the password is common practice when renting out. So, in the event we find someone connecting to our network after the fact (when their stay has ended) we can shut their access off. If they choose to book our place again, then we can similarly unblock their access.
  2. A free-loading relative that stayed with us for a short period of time, then mooches off us whenever they can.

See my reply to @finity above for two scenerios that would warrant the wanted behavior.

I’ve come to find out that their is a Feature Request Issue on the PyNetgear module that is used by the Netgear device_tracker component. I’ve taken it upon myself to update the current code base to include the newly formatted code to implement block/allow device access (you can see/track my PR here).

The thing is, even once the pull request is approved & merged to the master branch I’d still need someone to add the functionality to the Netgear Device Tracker component. I’m still too much of a novice when it comes to the code structure of HA components to do that part myself.

I don’t know that this sounds like a job for a device tracker. I could be wrong, but it seems like it would be called as a different type of component.

I assume you have these guest on your guest network. Why not just change the password?

1 Like

I agree, but I wasn’t sure what sort of component it should really be. And the reason I figured it might just be incorporated into the current Netgear device tracker is because it’s already using the module that will have the functionality. Would it warrant a different component if we’re using a module that’s already being leveraged by another component of the same brand? Seems kind of redundant to me. Make sense?

Also, I feel it kind of falls under device tracking (just not in the HA definition’s sense) because it’s tracking devices/seeing they have access. I think this could just be touted as an added security function of this device tracker to be able to natively manage the devices’ within HA.

For Airbnb guests that suffices, but for friends and family I allow them to connect to our main network.

Netgear routers usualy come with “Access managment” in the router admin under the advanced section, you should be able to identify the device MAC address or name as it is connected and then ban or approve access from a list of known devices.

However, I don’t believe they expose this functionality to external programming, most probably because it would open the router to all sorts of hacking hazards.

It seems really odd to me to add this kind of functionality at all to Home Assistant. It is the network device’s (router/ap/etc) to control who has access.

then why kick them off later?

That’s incorrect, the PyNetgear module can get this data and modify access.

I see it as beneficial for automated security. Setting an automation when toggled on to prevent new device access and toggle off when wanting to allow others. The idea is to avoid needing to go into router admin panel and have all functionality rest within one interface (HA).

And there’s the obvious scenario if some nefarious party (hacker) manages to gain access somehow, an automation to auto-kick them off would be great. And before you say, if you have other problems to worry about if a hacker manages to crack your password, that’s not the point. I’m simply stating yet another useful scenario where having this functionality is beneficial.

Can you ssh into your netgear router? It might be possible to block devices via command line? If so, you can then use shell command component to log into the router and block devices.

I actually assisted in adding device blocking into the PyNetgear module. Since I opted for a hassbian install opposed to hassio I’ll be able to install the module directly on my pi. That means I can make a simple python script with a block function that takes the Mac as a parameter. I plan on calling the script with the command_line action & boom :slight_smile:

1 Like