Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Stolen Laptops
Once more, we heard about a stolen laptop (MAC address 00-0E-35-08-62-6E). If you got a second today, in particular if you are travelling, see if  you can pick up the signal from its wireless card.

However, the bigger question: How do you recover stolen laptops? There are now a number of "calling home" systems. Are there any MAC address registries for stolen laptops? Please let  us know if you have any experience with any of these systems, how they worked (or did not work) for you.

 Update: Didn't take long. Kalev sent us a small BAT file that can be used to track the location of a laptop. The script will upload information like IP address and traceroutes to an ftp server on boot and at regular intervals. It works in Windows NT, 2000 and XP. I made it available here: (md5sum: 3cc8a3fea825bf94645ee7ab627126ec). Make sure you read the 'readme' file and customize the script to use your own ftp server.

I will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022


4352 Posts
ISC Handler
Nov 11th 2005

Sign Up for Free or Log In to start participating in the conversation!