Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Stolen Laptops - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Stolen Laptops
Once more, we heard about a stolen laptop (MAC address 00-0E-35-08-62-6E). If you got a second today, in particular if you are travelling, see if  you can pick up the signal from its wireless card.

However, the bigger question: How do you recover stolen laptops? There are now a number of "calling home" systems. Are there any MAC address registries for stolen laptops? Please let  us know if you have any experience with any of these systems, how they worked (or did not work) for you.

 Update: Didn't take long. Kalev sent us a small BAT file that can be used to track the location of a laptop. The script will upload information like IP address and traceroutes to an ftp server on boot and at regular intervals. It works in Windows NT, 2000 and XP. I made it available here: location.zip (md5sum: 3cc8a3fea825bf94645ee7ab627126ec). Make sure you read the 'readme' file and customize the script to use your own ftp server.

I will be teaching next: Intrusion Detection In-Depth - SANS London September 2019

Johannes

3626 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!