OT - Stolen Computer

Discussion in 'Linux Networking' started by William Colls, Jul 30, 2012.

  1. We recently had a computer stolen from our church. There is no
    confidential information on it, but we would still like to get it back.

    We think we can get its MAC address. Does any one know of a program that
    we can fire up that will go out and search around the the machine, and
    tell us if it is connected, and possibly even where?

    Thanks for your time.
    William Colls, Jul 30, 2012
    1. Advertisements

  2. William Colls

    Lew Pitcher Guest

    On Monday 30 July 2012 14:49, in comp.os.linux.networking,
    Sorry to be the bearer of bad news, but your knowing the MAC address of the
    stolen machine is probably not going to help.

    The MAC address is only "exposed" to the local network, and doesn't carry
    forward into internet communications.

    Any "detector" software would have to listen to each and every network the
    computer might directly connect to, and that means /every/ network,
    including inside each LAN that the stolen machine might connect to.

    In other words, you have to be "right beside" the machine to identify it by
    it's MAC address.

    Lew Pitcher, Jul 30, 2012
    1. Advertisements

  3. William Colls

    unruh Guest

    Nope. the mac address is local to the local net that the computer is
    attached to. The last router asks for the mac address of the machine
    whose IP address is X and delivers the messages to that mac address (Arp
    tables). Everything else on the network addresses the IP address.
    Now there exist programs which you can put onto your computer which will
    "phone home" and deliver the ip address of the machine to a central
    registry. Then you can figure out where it is (assuming the thief does
    not wipe the disk). But then that is a bit useless for you now.
    unruh, Jul 31, 2012
  4. William Colls

    Jorgen Grahn Guest

    Except if you use IPv6, where it may form a part of the IPv6 address.
    Not that that would help a lot either, even if the IPv6 internet was
    widely used.

    Jorgen Grahn, Jul 31, 2012
  5. William Colls

    Moe Trin Guest

    On 31 Jul 2012, in the Usenet newsgroup comp.os.linux.networking, in article
    [fermi ~]$ grep AAAA /var/named/named.ca.source
    a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
    d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
    f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
    h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
    i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
    j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
    k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
    l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
    m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
    [fermi ~]$

    So, you're saying "a.root-servers.net" and "j.root-servers.net" are
    using the same box (00:00:00:00:02:30) and all but h.root-servers.net
    are using the same ancient Xerox XNS servers built in the early '80s?

    [fermi ~]$ etherwhois 00:00:00
    00-00-00 (hex) XEROX CORPORATION
    000000 (base 16) XEROX CORPORATION
    M/S 105-50C
    WEBSTER NY 14580
    [fermi ~]$

    Well, you did write "may" ;-) Two documents to look at:

    4291 IP Version 6 Addressing Architecture. R. Hinden, S. Deering.
    February 2006. (Format: TXT=52897 bytes) (Obsoletes RFC3513)
    (Updated by RFC5952, RFC6052) (Status: DRAFT STANDARD)

    4862 IPv6 Stateless Address Autoconfiguration. S. Thomson, T. Narten,
    T. Jinmei. September 2007. (Format: TXT=72482 bytes) (Obsoletes
    RFC2462) (Status: DRAFT STANDARD)

    Briefly, _global_ IPv6 addresses are no differently assigned than IPv4
    in that they are what-ever the network administrator or registrar
    pulls out of the hat from the enormous block assigned to him/her.
    The addresses you see in the '/sbin/ifconfig' output are auto-config
    and are based on the MAC address ---> BUT <--- begin with 'FE80' and
    are "Link-Local" and are not to be forwarded beyond the "local" network
    segment (RFC4291 section 2.5.6). There _was_ a "Site-Local" address
    range (FFC0:: /10) formed in the same manner (RFC4291 section 2.5.7),
    but this use is deprecated.
    On the 15th of July, the five Regional Internet Registries had
    allocated or assigned

    IPv4 2037 20479 44658 3860 46949 117983
    IPv6 297 2471 3008 454 5309 11539

    network blocks to Local or National Internet registries, ISPs, and
    end users. (For perspective, on December 31, 1991, there were 11675
    IPv4 blocks.)

    Old guy
    Moe Trin, Jul 31, 2012
  6. That's mostly a red herring; SLAAC will indeed assign global-scope
    addresses derived from the MAC address. It's a matter of configuration
    and as such not universal, but the same is true of IPv6 anyway...

    $ ip link show br0
    3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:19:d1:04:d1:76 brd ff:ff:ff:ff:ff:ff
    $ ip addr show br0
    3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:19:d1:04:d1:76 brd ff:ff:ff:ff:ff:ff
    inet brd scope global br0
    inet brd scope global br0:0
    inet6 2001:470:1f09:11ed::12/64 scope global
    valid_lft forever preferred_lft forever
    inet6 2001:470:1f09:11ed:219:d1ff:fe04:d176/64 scope global dynamic
    valid_lft 86104sec preferred_lft 14104sec
    inet6 fe80::219:d1ff:fe04:d176/64 scope link
    valid_lft forever preferred_lft forever
    Richard Kettlewell, Jul 31, 2012
  7. William Colls

    Jorgen Grahn Guest

    Yes I did, and thus your long detour above was a bit pointless.

    [Someone else replied, but I can't see that reply as I'm typing this.]

    Only some of them are.

    If you use stateless address autoconfiguration you get a global
    address containing parts of the MAC address. That's how Linux works
    by default -- if you boot up your machine and there's an IPv6 router
    doing Router Advertisement stuff on the local network, you get one of
    those global addresses.

    Jorgen Grahn, Jul 31, 2012
  8. William Colls

    Moe Trin Guest

    On 31 Jul 2012, in the Usenet newsgroup comp.os.linux.networking, in article
    True - likewise some people use DHCPv6
    As I wrote and you trimmed:

    and here, our public visible IPv6 systems are all static, and all
    configured by setting /etc/sysconfig/network-scripts/ifcfg-eth0


    just as we set our IPv4 addresses to static values. It's no big deal
    as the addresses are only set when the systems are installed or when
    they move from one subnet to another which rarely happens. Actually,
    we cheat a bit as the lower bytes of the IPv4 and IPv6 addresses are
    the same, partly because the registrar is lazy.

    Old guy
    Moe Trin, Aug 1, 2012
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.