
Thread: Finding a stolen laptop via wireless

  1. #1
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    12

    Finding a stolen laptop via wireless

    Here's hoping this doesn't end up in the idiot's corner

    I'm relatively new to the whole linux/security scene, but I'm learning.

    Here's my problem. I've got a stolen laptop on my campus that's still functioning. I know its MAC and I know the general vicinity of where it's at. I'm using Kismet to see its signal strength and I've even made a "dish" to help my PCMCIA card be more directional. In other words, I'm REALLY close to finding where this laptop is.

    Unfortunately, Kismet will only report back signal strength when there's real data coming FROM the client and it's often just sitting there. It's a Windows box with its firewall turned on so it won't respond to ping, etc.

    Is there any way to make the client send out data packets short of deauthing it?

    A Backtrack app and/or Windows app would be acceptable.

    Thanks in advance,
    TheErk

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote: Originally Posted by TheErk
    Here's hoping this doesn't end up in the idiot's corner

    I'm relatively new to the whole linux/security scene, but I'm learning.

    Here's my problem. I've got a stolen laptop on my campus that's still functioning. I know its MAC and I know the general vicinity of where it's at. I'm using Kismet to see its signal strength and I've even made a "dish" to help my PCMCIA card be more directional. In other words, I'm REALLY close to finding where this laptop is.

    Unfortunately, Kismet will only report back signal strength when there's real data coming FROM the client and it's often just sitting there. It's a Windows box with its firewall turned on so it won't respond to ping, etc.

    Is there any way to make the client send out data packets short of deauthing it?

    A Backtrack app and/or Windows app would be acceptable.

    Thanks in advance,
    TheErk
    Have you considered reporting the theft to the police?

  3. #3
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    12

    Not my laptop. And I'm working with the police. Our campus police isn't exactly tech savvy.

    --TheErk

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote: Originally Posted by TheErk
    Not my laptop. And I'm working with the police. Our campus police isn't exactly tech savvy.

    --TheErk
    If you're working with the police, then there shouldn't be any problem creating traffic by deauthing the client. Explain what you're doing.

    Unless there is a specific reason you don't want to deauth it?

  5. #5
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    12

    I don't really want to deauth it as there are lots of APs in that area, don't want it bouncing around from AP to AP as Kismet is AP specific when you're looking at client info. Also, I really don't want it to be noticeable if the user gets back on.

    --TheErk

  6. #6
    Junior Member
    Join Date
    Apr 2007
    Posts
    44

    This story really sounds a bit far-fetched.
    Why don't you get a search warrant and search the building? Apparently you are spending massive amounts of time on one laptop theft anyway.

  7. #7
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote: Originally Posted by rooster
    This story really sounds a bit far-fetched.
    Why don't you get a search warrant and search the building? Apparently you are spending massive amounts of time on one laptop theft anyway.
    I was thinking the same thing.

  8. #8
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    12

    Geez. What do I have to do, give a DNA sample?

    OK, full story: I work for IT at a university. There's a stolen laptop that the thief is still using (moron) in a 5-story dorm building. I've been able to narrow it down to a wing and three floors due to relative signal strength from the APs, but can't get any closer.

    By using Kismet and an Atheros card, I can get relative signal strength from a client to my tablet PC, BUT the client has to be "chatty". And evidently ARP requests aren't enough for it to show up. If I can force the client to send out some real information, then I can easily get a warrant for a particular room (can't do it for the ENTIRE building) and then I've got 'em. I've been able to find a pinging IPAQ in my own building that someone hid for me. So I know this will work. But an IPAQ and a Windows firewall are two totally different animals.

    Is that enough info to stop the naysayers? Sheesh. I'm not trying to steal information or even hack this guy (although I'm getting to the point of trying that), I'm just trying to get the computer to talk to me a bit so Kismet will give me a reading.

    Thanks,
    TheErk

  9. #9
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote: Originally Posted by TheErk
    Geez. What do I have to do, give a DNA sample?

    OK, full story: I work for IT at a university. There's a stolen laptop that the thief is still using (moron) in a 5-story dorm building. I've been able to narrow it down to a wing and three floors due to relative signal strength from the APs, but can't get any closer.

    By using Kismet and an Atheros card, I can get relative signal strength from a client to my tablet PC, BUT the client has to be "chatty". And evidently ARP requests aren't enough for it to show up. If I can force the client to send out some real information, then I can easily get a warrant for a particular room (can't do it for the ENTIRE building) and then I've got 'em. I've been able to find a pinging IPAQ in my own building that someone hid for me. So I know this will work. But an IPAQ and a Windows firewall are two totally different animals.

    Is that enough info to stop the naysayers? Sheesh. I'm not trying to steal information or even hack this guy (although I'm getting to the point of trying that), I'm just trying to get the computer to talk to me a bit so Kismet will give me a reading.

    Thanks,
    TheErk
    Depending on your school, you may not even need a search warrant.

    Also, despite the fact that a firewall is running, this does not mean there aren't ports configured to be open...

  10. #10
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    12

    No, we actually don't need a warrant, but in that situation we can't press criminal charges. However, we just don't have the manpower in UPD to go room to room and search. This is a pretty good-sized dorm and our antennas are pretty powerful on our APs, so while I have a general idea of where he is, still think needle in haystack.

    I've been in networking for a while, but security tools are all something rather new to me. Heck, I've worked with Linux more in the last week than I have in the last year. My main problem is that I just can't figure out how to make it reply to something, and to be honest I'm not sure where to start even if there were ports open.

    It doesn't respond to pings, nbtstats, traces, ftp, remote desktop. It doesn't send anything back at all. I can get it to respond to ARPs a lot but that doesn't seem to be enough information for Kismet to pick up.

    My IPAQ sang like a canary when I hit it with a port scanner, but this doesn't do that either. Any ideas for a newb?

    --TheErk

    PS Yes this is a lot of work for a laptop, but it's been slow here recently and I'd REALLY like to catch this guy. Besides if it was your laptop, wouldn't you want someone looking for it if they knew it was still around??
