[ltp] Don't trust the kensington lock socket

Richard Neill linux-thinkpad@linux-thinkpad.org
Fri, 08 Feb 2008 05:21:23 +0000


>> Marius Gedminas wrote:
>> > On Thu, Feb 07, 2008 at 11:19:18PM +0000, Richard Neill wrote:
>> >> Some slimebag just stole one of our company laptops, which was an R60e

In future, I shall be adding this to rc.local:

HH=www.MYSERVER.com; wget -qO /dev/null http://$HH/$(echo
`hostname`_`grep mac /etc/iftab`|tr -c [:alnum:] _)

with the aim being to catch whoever boots up a stolen machine. Before I
deploy it, does anyone have any thoughts?  In particular, is there an
easy distro-independent way to trigger an event when an interface comes
up, or when the device is otherwise online?


The above is deliberately obfuscated, so to clarify, it does:

FILENAME =  concatenate the mac addresses and the hostname, then replace
weird characters by underscore.

Silently do a wget of this file, from the Home Host (assumed to be
running httpd).

The wget will fail, but apache will log the source IP address and
timestamp, and which machine. That should be enough to locate it. Even
if it's behind DHCP or NAT, law-enforcement can track it.



Downsides:
  - it assumes the thief is stupid enough to plug in the lan
  - it assumes the thief doesn't boot into Windows, or immediately reformat
  - it assumes the thief boots with lan already connected
  - genuine owner risks minor privacy loss.




Thanks for your thoughts,

Richard