Tracking stolen computers
#1
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: Essex
Posts: 1,115
Likes: 0
Received 0 Likes
on
0 Posts
Tracking stolen computers
I noticed that the MOD has lost about 500 laptops over the last year, and this is now blowing up into a good old political row
I was just wondering what would happen if you were to acquire one of these and then connect up to the internet, say at home. Is there some unique ID on the computer which would show up and this could be put together with an IP addess to work out where you are.
I was just wondering what would happen if you were to acquire one of these and then connect up to the internet, say at home. Is there some unique ID on the computer which would show up and this could be put together with an IP addess to work out where you are.
#2
Scooby Regular
The only thing I can think of is the MAC address, but ways and means.....
Somebody wrote on here not so long ago about tracking a stolen PC via the net. Said the police were not interested.
To counter that, local to me, somebody got a knock on the door recently for using a stolen laptop, which was tracked when it appeared online.
Somebody wrote on here not so long ago about tracking a stolen PC via the net. Said the police were not interested.
To counter that, local to me, somebody got a knock on the door recently for using a stolen laptop, which was tracked when it appeared online.
#4
Scooby Regular
Join Date: Mar 2006
Location: Guernsey
Posts: 1,441
Likes: 0
Received 0 Likes
on
0 Posts
Unless the PC has some special software or hardware installed that "calls home" in some way, it would be a practical impossibility to trace on the net. There are products that can do this, but it's not exactly common practice. GCHQ or the NSA might have a chance of tracking an individual device by MAC address, but Joe Bloggs is going to struggle. It's hard enough in a building with 400 PC's in! The network guys check each switch for traffic from the MAC address, identify the phsyical switch and port, then someone actually goes and traces the cabling to the floor point.
ALL laptops that my employer uses worldwide have encrypted hard disks, which makes the data on them secure in the event of loss/theft. The few hundred quid for the laptop is nothing compared to the value of the data, or the companies reputation. It beggars belief that somebody like the MOD don't do the same.
ALL laptops that my employer uses worldwide have encrypted hard disks, which makes the data on them secure in the event of loss/theft. The few hundred quid for the laptop is nothing compared to the value of the data, or the companies reputation. It beggars belief that somebody like the MOD don't do the same.
#5
Scooby Regular
The local catch around here was because the person who bought the laptop (in good faith by the sound of it) continued to use it as was, i.e. it had all the pre-owner s/w installed, and thus started to foward emails to the old owner when the new person started to use it.
As pointed out above, it would be very very difficult to trace a stolen computer via the net unless you throw quite a lot of resource at it, and even then, you could well be on a hiding to nothing.
#7
Scooby Regular
iTrader: (6)
Tracing a laptop is very easy. Soon as the stolen MAC connects to an ISP the ISP can tell you where they are.
In fact I could do it from work right now.. I wouldn't unless requested to by a Court order. Breaks tooooo many DPA rules.
As for a single person tracing a PC .. not gonna happen unless you can monitor the connection and find the user typing in their details at some point !
In fact I could do it from work right now.. I wouldn't unless requested to by a Court order. Breaks tooooo many DPA rules.
As for a single person tracing a PC .. not gonna happen unless you can monitor the connection and find the user typing in their details at some point !
Trending Topics
#8
The only foolproof way is via some kind of phone home type software.
The laptop discovered earlier in the thread was most likely spotted because the forwarded email would have had the IP address of the computer forwarding it in the email header.
#9
Scooby Regular
Join Date: Mar 2006
Location: Guernsey
Posts: 1,441
Likes: 0
Received 0 Likes
on
0 Posts
Assuming that you do know the MAC address in the first
place, it is only transmitted on your local network.
Your PC MAC address is part of the DataLink layer frame. Think of the frame as a wrapper around your data. Once a packet leaves your segment, the routing device will strip off the frame (and your MAC address), and add the router's frame and MAC address. While the IP address for the source and destination is unchanged (except by firewalls, NAT tables and other exceptions); the MAC address that an IP packet has changes over every hop on it's way to the final destination. You would be as likely to find the laptop by looking for it visually as by tracing a MAC address. You'd need access to the ARP table, which relates MAC addresses to IP addresses, of every routing device between you and your stolen laptop. Although in theory it would be possible, you'd probably have to displace Ossama Bin Laden as the public enemy No. 1 for someone to make an attempt to track your laptop.
place, it is only transmitted on your local network.
Your PC MAC address is part of the DataLink layer frame. Think of the frame as a wrapper around your data. Once a packet leaves your segment, the routing device will strip off the frame (and your MAC address), and add the router's frame and MAC address. While the IP address for the source and destination is unchanged (except by firewalls, NAT tables and other exceptions); the MAC address that an IP packet has changes over every hop on it's way to the final destination. You would be as likely to find the laptop by looking for it visually as by tracing a MAC address. You'd need access to the ARP table, which relates MAC addresses to IP addresses, of every routing device between you and your stolen laptop. Although in theory it would be possible, you'd probably have to displace Ossama Bin Laden as the public enemy No. 1 for someone to make an attempt to track your laptop.
#10
Scooby Regular
iTrader: (6)
This would only work, if the laptop were connected direcly online via its ethernet port. At home the mac address exposed to the web, is that of my router, not the mac on my desktop or wireless laptop. Same goes for ADSL, when connected via USB then the mac exposed is not the one thats allocated to the ethernet port.
The only foolproof way is via some kind of phone home type software.
The laptop discovered earlier in the thread was most likely spotted because the forwarded email would have had the IP address of the computer forwarding it in the email header.
The only foolproof way is via some kind of phone home type software.
The laptop discovered earlier in the thread was most likely spotted because the forwarded email would have had the IP address of the computer forwarding it in the email header.
#11
Scooby Regular
Join Date: Feb 2005
Location: Derbyshire
Posts: 12,304
Likes: 0
Received 0 Likes
on
0 Posts
A lot depends on how the PC is configured. If you found my PC and tried to connect to the internet via the modem, it will be calling my office on an 0800 number for re-routing, in which case, yes we'd be able to track you via IP address pretty quickly.
If you connect it to a router then it would depend on something like Messenger auto running and a friend seeing the machine connected or some auto responder on the email package.
If the machine has been re-built then little chance of being tracked, even less if you can flash the NIC with a new MAC address, use a PCMCIA card instead or use some MAC spoofing software.
If you connect it to a router then it would depend on something like Messenger auto running and a friend seeing the machine connected or some auto responder on the email package.
If the machine has been re-built then little chance of being tracked, even less if you can flash the NIC with a new MAC address, use a PCMCIA card instead or use some MAC spoofing software.
#12
Scooby Regular
iTrader: (6)
A lot depends on how the PC is configured. If you found my PC and tried to connect to the internet via the modem, it will be calling my office on an 0800 number for re-routing, in which case, yes we'd be able to track you via IP address pretty quickly.
If you connect it to a router then it would depend on something like Messenger auto running and a friend seeing the machine connected or some auto responder on the email package.
If the machine has been re-built then little chance of being tracked, even less if you can flash the NIC with a new MAC address, use a PCMCIA card instead or use some MAC spoofing software.
If you connect it to a router then it would depend on something like Messenger auto running and a friend seeing the machine connected or some auto responder on the email package.
If the machine has been re-built then little chance of being tracked, even less if you can flash the NIC with a new MAC address, use a PCMCIA card instead or use some MAC spoofing software.
But you wouldnt.. you might be able to get the number they are calling from, but you would then require the police to obtain an address of that number !
#13
Scooby Regular
Join Date: Feb 2005
Location: Derbyshire
Posts: 12,304
Likes: 0
Received 0 Likes
on
0 Posts
#15
Scooby Regular
Join Date: Feb 2004
Location: High Wycombe
Posts: 3,763
Likes: 0
Received 0 Likes
on
0 Posts
1. The Govt should be using EFS on all their portable machines / disks
2. If I were to acquire a stolen machine, the first thing I'd do (after poking around off line) would be to format it.
2. If I were to acquire a stolen machine, the first thing I'd do (after poking around off line) would be to format it.
#16
Scooby Regular
Join Date: Feb 2005
Location: Derbyshire
Posts: 12,304
Likes: 0
Received 0 Likes
on
0 Posts
#18
I noticed that the MOD has lost about 500 laptops over the last year, and this is now blowing up into a good old political row
I was just wondering what would happen if you were to acquire one of these and then connect up to the internet, say at home. Is there some unique ID on the computer which would show up and this could be put together with an IP addess to work out where you are.
I was just wondering what would happen if you were to acquire one of these and then connect up to the internet, say at home. Is there some unique ID on the computer which would show up and this could be put together with an IP addess to work out where you are.
Seriously though, I cannot believe how the MOD manage to lose so many. Everything we had from them was signed for and there seemed no way that they would ever fail to get their property returned. All seems a bit strange to me.
Les
Thread
Thread Starter
Forum
Replies
Last Post
Sam Witwicky
Engine Management and ECU Remapping
17
13 November 2015 10:49 AM