Re: Searching for stolen computers

Subject: Re: Searching for stolen computers
From: tcv (tcv@ninjatech.cjb.net)
Date: Thu Sep 11 2003 - 14:07:10 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: tcv: "Re: SCO and the US Federal Trade Commission"
• Previous message: Barsalou: "Looking for a good Linux printer/fax"
• In reply to: bryan@ak.net: "Re: Searching for stolen computers"
• Reply: tcv: "Re: Searching for stolen computers"
• Reply: tcv: "Re: Searching for stolen computers"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 11 September 2003 10:34 am, bryan@ak.net wrote:
> On Thu, Sep 11, 2003 at 08:42:59AM -0800, William F. Fulton <fulton@gci.net>
wrote:
> > We have successfully tracked and recovered three machines by doing
> > searches for the MAC
> > once it pops up do a tracert that will give you the ISP at that point you
> > can notify the security department of the ISP and APD this doesn't work
> > if they change the NIC but its worth a shot
>
> How can you determine the MAC address of a NIC on someone else's
> network?

Depending on the operating system , you can grab the MAC addy of *alot* of
winboxen remotely with visible NBT or SNMP services open with tools like

nbtscan:
http://www.inetcat.org/software/nbtscan.html

or

getmac.exe in the NT resource kit

Other SNMP-enabled devices may give this information up willingly. Use an
appropriate SNMP MIB walker.

How valuable was the machine?

/begin techy humor
If you want to go completely overboard with protecting your hardware against
physical theft in the future you could set up your more sensitive machines
with a GPS receiver card ... something like:
http://www.meinberg.de/english/products/gpspci.htm

and a cellular modem like 3Com's 56K Global GSM Cellular Modem PC Card
to track the box

/end techy humor

Also , if it was someone with any technical knowledge, it is a trivial
exercise to change your MAC address on most popular ethernet cards. I believe
there are point and click programs to do this on win32 now...

oh yes:
 http://www.klcconsulting.net/smac

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/YPIcqzMRhW8EKZsRAr4iAJ4y4xT9wpGpDmUA6D8RMEvOHouZFwCeJqDy
mulYFTOeBIm5/C4K6tu8Eok=
=XASb
-----END PGP SIGNATURE-----

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: tcv: "Re: SCO and the US Federal Trade Commission"
• Previous message: Barsalou: "Looking for a good Linux printer/fax"
• In reply to: bryan@ak.net: "Re: Searching for stolen computers"
• Reply: tcv: "Re: Searching for stolen computers"
• Reply: tcv: "Re: Searching for stolen computers"

This archive was generated by hypermail 2a23 : Thu Sep 11 2003 - 14:01:48 AKDT