5GT stolen, but its back online and trying VPN…

  • ok, so as the title, a client had a break in and had their 5GT stolen (dunno why), now whoever stole it has managed to get it to connect to the internet, here is where it gets interesting, its trying to re-establish its VPN connection, and if I let it then I have full control over it

    is there a way for it to send all traffic that passes through it out as a log file, so I might be able to catch facebook details (or something along those lines) to figure out where it is as the police are being a bit useless at the moment.

  • Ok when it is back online and it is trying to establish the VPN. You can come to know the public IP address from it, once you know the public IP you can come to know about the ISP details etc and from there you can find out to whom this IP address is assigned.

    1. You can set it up to do syslog to a server and log the traffic information.

    2. Otherwise you could setup a route based VPN and send all the web traffic over to you (and maybe route it through a proxy).

    3. Saying all this I believe the best way to mess with them is setup a fake DNS server and redirect certain websites to your own fake copy, you can then easily get their login details when they submit it to the fake site 🙂