
Re: Stolen laptop



If you've got these features implemented, it wouldn't take much to
turn it into something "general purpose" that:

Woke up
sniffed/characterized the network
Checked against a table to see if it was a known network.

If it's not a known network, it would send a message to a server
saying:
This is who I am, this is where I'm at.

The server should probably work by intercepting port 80, or some other
port that won't get firewalled off. If it was on a specific port, it
would be too easy for people to just block outgoing traffic on that
port.

If the server has it on a list of "stolen machines" it could send back
a message that says, "you've been stolen, tell me more" and the
machine could do traceroutes, nmaps etc. and report back.

If the machine isn't on the stolen list, at some appropriate time,
when the user tries to bring up the network it could respond with a
message:

This is what I've learned about the network, 
I suggest that you configure this machine like this....

Like the guy said, suggestions are easy.


On Mon, Jun 23, 2003 at 07:15:57PM -0400, Joseph Barillari wrote:
> >>>>> "SM" == Steve McIntyre <steve@einval.com> writes:
> 
>     SM> On Sun, Jun 22, 2003 at 08:22:43PM -0400, Joseph Barillari
>     SM> wrote:
>     >>
>     >>>>>>> "SM" == Steve McIntyre <steve@einval.com> writes:
>     >>
>     SM> I've been using the following for a while, which does just
>     SM> what you suggested. Run it out of /etc/ppp/ip-up.d and
>     SM> /etc/cron.daily and redirect the output to mail. This approach
>     SM> does need mail to work, which is another problem entirely. If
>     SM> you're on a foreign network or whatever, then mail may be
>     SM> awkward. I've set up the mail system on my laptop to batch
>     SM> things and send via home over ssh when available, which
>     SM> probably has a good chance of working in most places.
>     >>  Does it require the thief to know how to bring up a PPP
>     >> connection? I would assume that most of the time, the laptop
>     >> might be booted once --- to see if it worked --- and then the
>     >> hard disk would probably be wiped, to make it harder to trace.
> 
>     SM> Good point, yes. Any suggestions on how to improve it?
> 
> Sure -- suggestions are easy. I'd add a tiny network stack to the
> bootloader and have it pull in an IP via DHCP as soon as it loads. An
> even more aggressive approach would sniff the network for a few
> seconds, briefly hijack an IP (in case there was no DHCP server), and
> quickly report home with that IP address.
> 
> Actually /implementing/ anything like that in a bootloader might be a
> bit more difficult.
> 
> As for PPP connections, given that it takes a non-trivial amount of
> time to bring one up, I suspect there is little chance of bringing one
> up clandestinely. Better to take advantage of any connection that the
> user initiates.
> 
> Best, --Joe
> 
> -- 
> Joseph Barillari -- http://barillari.org



-- 
I've found something worse than oldies stations that play the music I used to
listen to. Oldies stations that play the "new" music I used to complain about.
lrc@red4est.com                                    http://www.red4est.com/lrc
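
A sketch of the exchange described in the message above (known-network check on the laptop, stolen-list lookup on the server), added here as an illustration and not code from the thread. The fingerprint fields, the HMAC on the report, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import json

def fingerprint(gateway_mac, subnet, dns_servers):
    """Reduce what the machine observed on the link to one comparable value."""
    material = "|".join([gateway_mac.lower(), subnet, ",".join(sorted(dns_servers))])
    return hashlib.sha256(material.encode()).hexdigest()

def build_report(machine_id, key, observed, known_fingerprints):
    """Laptop side: stay silent on a known network, else return a signed report."""
    if fingerprint(**observed) in known_fingerprints:
        return None
    # "This is who I am, this is where I'm at."
    body = json.dumps({"id": machine_id, "network": observed}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def handle_report(report, machine_keys, stolen_ids):
    """Server side: check the report is from the claimed machine, then the stolen list."""
    claimed = json.loads(report["body"])["id"]
    key = machine_keys.get(claimed)
    if key is None:
        return "rejected"
    expected = hmac.new(key, report["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["tag"]):
        return "rejected"  # forged or altered report; do not act on it
    return "tell me more" if claimed in stolen_ids else "noted"

# Constructed sample values (hypothetical machine id, key and networks).
KEY = b"per-machine-secret-constructed"
HOME = {"gateway_mac": "00:11:22:33:44:55", "subnet": "192.168.1.0/24",
        "dns_servers": ["192.168.1.1"]}
ELSEWHERE = {"gateway_mac": "66:77:88:99:AA:BB", "subnet": "10.20.0.0/16",
             "dns_servers": ["10.20.0.2", "10.20.0.1"]}
KNOWN = {fingerprint(**HOME)}

if __name__ == "__main__":
    report = build_report("laptop-1", KEY, ELSEWHERE, KNOWN)
    print(handle_report(report, {"laptop-1": KEY}, {"laptop-1"}))
```

Without the tag, anyone who can reach the server could file reports under another machine's identity, so the server verifies it before it looks at the stolen list.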


