Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: stolen laptop

  1. #1
    7ELEVEN
    Guest

    Default stolen laptop

    Ok so my friends house was broken into over the weekend

    the only thing of much value they took was his new laptop.

    i came up with a way to track the laptop that my work, and wanted to bounce some ideas around.

    we know that the person that stole the laptop probably doesn't live farther than a 5 mile radius from were my friends house is


    what i was thinking is driving around the area with kismet fired-up to try to see if the laptop is in and connected to and AP's.

    I was wondering if there would be a way to get kismet to alert me if a specific mac address pops up?

    any ideas would be appreciated.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by 7ELEVEN View Post
    Ok so my friends house was broken into over the weekend

    the only thing of much value they took was his new laptop.

    i came up with a way to track the laptop that my work, and wanted to bounce some ideas around.

    we know that the person that stole the laptop probably doesn't live farther than a 5 mile radius from were my friends house is


    what i was thinking is driving around the area with kismet fired-up to try to see if the laptop is in and connected to and AP's.

    I was wondering if there would be a way to get kismet to alert me if a specific mac address pops up?

    any ideas would be appreciated.
    ...and then what if you find it? I doubt that the police would be able to get a search warrant based upon a kismet log and your assumption that you know it's in a particular house.

    Of course, you could always go knocking on doors and asking if they stole your friends laptop, but before you do, I'd suggest you have all your affairs in order.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by 7ELEVEN View Post
    Ok so my friends house was broken into over the weekend

    the only thing of much value they took was his new laptop.

    i came up with a way to track the laptop that my work, and wanted to bounce some ideas around.

    we know that the person that stole the laptop probably doesn't live farther than a 5 mile radius from were my friends house is


    what i was thinking is driving around the area with kismet fired-up to try to see if the laptop is in and connected to and AP's.

    I was wondering if there would be a way to get kismet to alert me if a specific mac address pops up?

    any ideas would be appreciated.
    Nope........ Though you could manually search the logs later.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Barry View Post
    Nope........ Though you could manually search the logs later.
    Couldn't you write a script that would occasionally grep the log file for a certain mac address and if it finds it, sound a bong or something? Have Crontab run it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    7ELEVEN
    Guest

    Default

    Quote Originally Posted by streaker69 View Post
    Couldn't you write a script that would occasionally grep the log file for a certain mac address and if it finds it, sound a bong or something? Have Crontab run it.

    that would be perfect! some kinda sound or soemthing


    dont worry, when the mac pops up me and a few friends will do a lil stake out. my friend got a look at the thief

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by 7ELEVEN View Post
    that would be perfect! some kinda sound or soemthing


    dont worry, when the mac pops up me and a few friends will do a lil stake out. my friend got a look at the thief
    A stake out is fine. But please do not attempt to intervene without police help. Try to gather all the evidence that you can and then go to the police station with your evidence and sit down and talk with them. Be calm, polite and respectful and I'm sure that they'll help you out. Trust me, I've had lots of dealings with LEO's over the years, and they appreciate it if you do as much as you can to help them make their case.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7

    Default

    This won't help you now, but maybe could next time around. This is for laptops with embedded 3G modules. But I think I also saw something similar for WiFi

    http://investor.phoenix.com/released...leaseID=313552

    An intuitive and simple-to-use web interface allows users to remotely manage and even 'brick/unbrick' their notebooks. Through interoperability with the Ericsson's F3507g Modules, Phoenix FailSafe enables these policies even when the notebooks are on a cellular network, ensuring that among other features, the GPS location capabilities and data are sent to the IT department's web-based security center.
    The link budget is not a problem, we intend on splitting the bill...

  8. #8
    Member
    Join Date
    Sep 2008
    Posts
    146

    Default

    You might also want to remember that since it is your laptop, any information that is entered into it is yours too. If you do manage to find it you already know what services are installed and its update status you might be able to get inside. Once in, put in a keylogger/vnc or whatever suits your fancy.

    If it is a newer laptop with a built in webcam/mic, well you just got yourself a fly on the wall so to speak. This is great if they keep the laptop, if on the other hand you are worried about them trying to pawn it you should probably get the police involved immediately.

    Its a little like an idea I heard for a pen test of a corperation. Get an inexpensive laptop with a webcam/mic built in and preconfigured keyloggers and backdoors installed already, then send it in to the company as a "free gift" for being such a loyal Dell customer or something like that. Or perhaps as a trial device from corporate HQ to see what employees thought of upgrading laptops. Its almost guaranteed that someone will log into the network eventually.

    No one thinks about physical Trojans anymore, even though they have been around for 3000 years.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

  9. #9

    Default

    7eleven: You CAN have kismet alert you to a specific MAC address. In the kismet.conf file, look for the "filter_tracker" line, uncomment it and set it so that you are filtering for ONLY your MAC address of interest. For example, if your stolen latop's wireless MAC is de:ad:be:ef:ca:fe, you would set the filter_tracker as follows:

    filter_tracker=SOURCE(de:ad:be:ef:ca:fe) (you could also use DEST, but not ANY)

    That will filter out all data EXCEPT 'SOURCE' packets from that specific MAC address.
    Also, make sure you set sound=true (I'm not positive if kismet will beep when finding it since I don't use a sound card), but it will be the only hit on your kismet screen.

    Good Luck!

  10. #10
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Default

    Quote Originally Posted by streaker69 View Post
    Couldn't you write a script that would occasionally grep the log file for a certain mac address and if it finds it, sound a bong or something? Have Crontab run it.
    tail -f /you'relogfile | grep MAC

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •