Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Some perl scripts to help track stolen computers' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Some perl scripts to help track stolen computers
Authored by: Grant Symon on Aug 28, '06 08:55:58AM

I don't understand how this will work with ARD.

You must have port forwarding at the remote end (chez le thief) in order to observe control the Mac. UDP and TCP ports 3128 and 5900 need to be forwarded to the LAN IP address of the stolen machine, either from his router/modem or via a wireless network, whichever is controlling the internet connection and dhcp or manually assigned addresses.

However, having the IP address emailed via a script would mean that you could 'ping' or 'trace' the account with the Network Utility and get all the necessary info about their ISP and presumably from there the ISP could tell you the actual account/street address that the connection is being made from. I'm not sure how this would work if they're using a dial up POTS connection though. :/

If this can be done without port forwarding, using ARD, then I'd love to know.

Grant Symon



[ Reply to This | # ]
Some perl scripts to help track stolen computers
Authored by: kbradnam on Aug 28, '06 09:17:33AM

Hi Grant,

The scanner section of Remote Desktop allows you to add computers based on their IP address. This of course assumes that the computer is running the Apple Remote Desktop client (enabled from the Sharing panel of System Preferences) and that you know the correct username and password of that computer (as would be the case if it was your computer that was stolen).

After enabling the Remote Desktop client, the bottom of the System Preference window actually says "Others can manage your computer using the address 123.456.789.123".

I have not had to enable any additional port forwarding to get this working and I have tested this with my iBook. As long as I have an IP address and my user account is still on the machine, then I can observe/control the computer using Remote Desktop.

Regards,

Keith



[ Reply to This | # ]
Some perl scripts to help track stolen computers
Authored by: rhowell on Aug 28, '06 09:55:20AM

I think Grant is suggesting that the IP address of the stolen laptop will usually be something like

10.0.0.1

which is typical of computers behind a router. The router's IP address (assigned to it by the ISP) may be something meaningful like

168.154.34.138

If the associated ports for this IP address are forwarded to 10.0.0.1, then ARD will most likely work.



[ Reply to This | # ]
Some perl scripts to help track stolen computers
Authored by: kbradnam on Aug 28, '06 10:04:22AM

Ah I see. In my case I share my home internet connection (which has a fixed IP address) over an Airport wireless network. When my iBook is sitting at home, the script reports the fixed IP address. In other circumstances (depending on the actual network setup), the get_IP.pl script might not be so helpful and you might have to rely on the get_desktop.pl or get_isight.pl scripts giving you useful information instead.

Regards,

Keith



[ Reply to This | # ]
Some perl scripts to help track stolen computers
Authored by: Grant Symon on Aug 28, '06 02:00:15PM

Keith,

it's funny that you find it easy to connect behind your firewall/router setup, but if you go to the Apple Discussions for ARD, you'll find that most people have a pretty hard time getting ARD to work via the internet. Ports 3282 and 5900 must be open and forwarding in both directions (and both ends) for it to work. If the connection is a cable connection, then it's less of a problem, since it's direct, but for DSL, this is a must on the router.

I have found running 10.4.7, that I have also had to ADD a user configuration to the Sharing Firewall prefs, because just checking ARD in the Services pane, doesn't let ARD through ... even although this is its *sole purpose*. :)

OTOH, Timbuktu can connect via the net more easily.

All that said ... something else occurs to me that may actually be more effective.

All the new Macs (apart from the Mac Pro) have an isight camera built-in. Couldn't a script be written to take a shot and email after a short delay ... if for example ... a second script was not run? IOW, you open your MacBook from sleep and systematically click a script in the dock, which sets a flag. If that flag is not set, then 10 seconds later the iSight camera takes a snapshot ... or several at intervals and as soon as there is an active internet connection it sends them via email or posts them to a server ... whatever.

That combined with the grabbed IP address of the router should be enough to catch and convict most thiefs.

Grant



[ Reply to This | # ]
Some perl scripts to help track stolen computers
Authored by: ctierney on Aug 28, '06 10:01:19AM

(I love that TB2 article.) Assuming must poeple have web access, another stategy might be to restrict your network operations to port 80, by using curl to access a page on a website that you control. Even if it doesn't exist, you'll generate 404 log entries containing the remote ip address of the stolen laptop. You could also pass additional info to your logs by appending it to the query string. The technique could even be extended to give yourself a back door to the remote laptop. The file that you access might contain scripts to run if the file is successfully downloaded.

Poor man's RDC all via port 80. :)

--
Cole



[ Reply to This | # ]
Getting through a firewall
Authored by: sr105 on Aug 31, '06 07:43:31AM

If you have access to another unix/OS X based machine on the net, you could setup an account there whereby your laptop would login there and create ssh tunnels for ARD. Then, it wouldn't matter if the laptop was behind a firewall. It might be rather slow depending on the network speeds of all three locations. One plus, is that your unix machine is the only IP you need to know to use ARD no matter where the laptop is located.

As for knowing the IP, just hit whatismyip.com or something similar from the laptop. You could even create a little C,python,perl app on the same unix machine that simply reports the laptops real IP when a connection is incoming and does nothing else.

I've used VNC this way. Well, without the automatic server login, though, but that can be done.



[ Reply to This | # ]