Blocking a device's Internet access is accomplished on the app by selecting the device and tapping "Block device." I ran a simple test by setting up a continuous ping to the Internet from a laptop connected to the same network as the Fingbox. With the pings succeeding, I selected "Block device." Within a few seconds, the pings failed. After a few failed pings, I selected "Unblock device" and the pings succeeded again. The below image shows the Internet pings succeeding, failing, and then succeeding again.
It's important to note that the Fingbox "Block device" feature is a manual tool to enable and disable network access per device. The Fingbox does not detect devices as a security threat and automatically block them. Note also that Fingbox can't block individual ports or port ranges to control access to specific internet services.
In addition to blocking a device's internet access, you can also use the "Pause Internet" feature to block internet access but allow the device to access other devices on your network. Fing calls this feature a "simple internet Parental Control." This tool is similar to the "Block device" tool in that you manually enable and disable it on a per device basis. When you enable the tool, you get the option to enable it for 30 minutes, 1 hour, 2 hours, 6 hours, 1 day, 1 week, or Forever.
I tested this feature by running two continuous pings, one to the internet (18.104.22.168) and another to the Fingbox. When I enabled the "Pause Internet" feature, pings to the Internet failed, while pings to the Fingbox on my network continued.
Fingbox also has a tool called "Schedule Pause" which allows you to create various schedules for automatically pausing internet access by day of week, time of day, and selected users. Below is a screen shot of the pre-built "Bedtime" schedule.
How Does Blocking Work?
I found the Fingbox Block and Pause features interesting. The Fingbox has only a single Ethernet connection and doesn't act as the network gateway, so it doesn't appear to have the means to intercept traffic to and from a device.
To get a better idea of how the Fingbox blocked traffic, I did a packet capture (using Wireshark) on my network while I blocked a device that was actively connecting to the internet. Based on that packet capture, it appears that when you enable the "Block device" feature, the Fingbox sends an ARP (Address Resolution Protocol) message to the blocked device providing the Fingbox's MAC address as the network gateway, which directs the blocked device to send its internet traffic to the Fingbox. The Fingbox then drops the internet packets coming from the blocked device, effectively cutting it off from the internet. We've seen this technique, known as ARP spoofing or ARP cache poisoning, used in the Circle With Disney device.
Below are a few lines from my Wireshark capture showing ARP messages sent from the Fingbox (Fing) to my Apple PC after I applied a "Block device" to it via the Fing app. As you can see, the ARP message is coming from a device Wireshark detects as a Domotz device (which is the Fingbox) and going to a device Wireshark detects as an Apple device (my Apple PC.) The ARP message is telling my Apple PC that its gateway at 172.24.7.1 is at MAC address f0:23:b9:eb:62:d7. The IP address 172.24.7.1 is my router but that MAC address is the Fingbox. The end result is my Apple PC sends its internet packets to the Fingbox instead of my router when the block feature is enabled.
The DigitalFence feature shows Wi-Fi devices in your Fingbox' range, which the user manual says is around 30m/100 feet.
DigitalFence maintains three lists of detected devices:
- Nearby - devices that are active but are not connected to the local network managed by Fingbox.
- In my network - devices that are active and are connected to the Wi-Fi of the local network managed by Fingbox.
- Stations - Wi-Fi access points in the vicinity, sorted by signal strength.
Note the Stations nomenclature is contradictory to standard Wi-Fi use. Stations (aka STAs) are devices that connect to access points (APs). So the Stations screen actually lists APs; Nearby lists stations/devices/STAs.
Below is a screenshot of the "Nearby" list showing some of the devices (STAs) near my network that were picked up by the Fingbox.
DigitalFence Nearby view
Tapping on the chart icon in the screen top right corner displays a bar chart of devices (STAs) grouped by signal strength. The chart is updated every 5 seconds while it is open.
DigitalFence Nearby view
The "Fence" part of DigitalFence consists of two features. You can mark any device in the Nearby list to be watched.
DigitalFence - Watch device
If you really are concerned about a watched device, you can be alerted when its state changes. This means you'll get an alert when it moves both in and out of range.
DigitalFence - Watched Device Alert
Internet Security Check
This feature looks for holes on the public-facing side (WAN) of your internet connection. The Remote Scan portion of the check looks for open ports from the internet side. The Internal Router Audit portion checks the router addresses, NAT configuration and whether UPnP or NAT-PMP is activated. You can run scans on demand; otherwise they run once a week.
Internet Security Check report
One interesting feature is the ability to close ports opened by UPnP, right from the app. This FAQ has the details.
In addition to notifications about the comings and goings of devices, Fingbox can alert you to two other Wi-Fi maladies. The first is its ability to detect de-authentication messages. De-auths are part of most Wi-Fi attacks and are used to force Wi-Fi STAs to disconnect. An AP or router may legitimately use de-authentication for to move STAs for load balancing purposes. But a stream of de-auths usually indicates some sort of attack.
The good news is Fingbox can alert you to a de-auth attack. The bad is that it doesn't do anything about it automatically. As with most of Fingbox's security features, it's up to you to take appropriate action (or not).
Finally, Fingbox detects "evil twin" access points and changes in default gateways, which can indicate man-in-the-middle attacks. Because of its ability to detect "evil twin" APs, Fing claims Fingbox protects against KRACK attacks. I did not verify this claim or either the de-auth or "evil twin" detection features.
I liked the Fingbox's simplicity and its ability to enable/disable Internet access manually and by schedule and its Wi-Fi speed test tool. I also liked the fact that you can purchase the Fingbox ($129) without a monthly or annual subscription.
But as a security device, the Fingbox is limited. It doesn't scan packets going in and out of your network and it doesn't scan devices for malware or viruses. Fingbox doesn't act as a firewall, so has no means of blocking traffic from entering your network. Nor will it detect a compromised device that has been conscripted into a bot network and participating in DDoS attacks. And as noted earlier, it can't block specific ports or port ranges.
However, Fingbox's main weakness as a network security device is that it is limited to generating alerts, not taking action. This may be helpful for folks who know their way around a network and can judge the significance of each alert. But your average consumer is more likely to have his/her anxiety level raised and wonder whether, and how, to take action.
Even for those of us who know what to do, the timing of doing it can be a problem. If an attacker is trying to get into your network in the dead of night, do you want to be roused from sleep to respond to an alert?
In the end, Fingbox joins CUJO, BitDefender Box, Circle With Disney add-on boxes and router/Wi-Fi System based efforts from Norton, Luma and eero in the ranks of nice-try-but-no-cigar consumer solutions for network security. CUJO and the Box provide browsing protection, but neither do much for DoS or Parental Control security. While CUJO device inspects both incoming and outgoing packets to detect malware, Box inspects only outgoing packets and relies on software running in devices to detect malware.
For $129 and with no subscription fees, Fingbox definitely makes it easier to know what's on your network, alert you to some forms of unusual activity and see who is using the most bandwidth. As a device to "secure and troubleshoot your home network", Fingbox's strength is definitely on the latter.