Author Archive
Google shell application is *really cool*
by Brian on Jun.04, 2008, under General Info
There’s a new way to search Google’s massive indexes. It’s called the Google Shell. You can find it at http://goosh.org Try it right now.. It’s basically a very UNIX-like way to search Google. You can use UNIX-ish commands to search. Try it!
The Everex Cloudbook CE1200V. Not *exactly* a brick…
by Brian on Jun.01, 2008, under Linux
Uncle Sam recently decided to task me with spending some of his money, in an effort to stimulate the economy. Being thusly stimulated, I felt it my national duty to spend it. So, I bought an Everex Cloudbook.. Don’t laugh.. The WLAN adapter uses an RTL8187 chipset, perfect for breaking encryption on wireless networks. (and *quickly*) I booted the factory-installed gOS, and clicked around in it for about 10 minutes before wiping it. (first mistake) However, installing alternate OSes on it seems to be quite a feat. There’s no optical drive, so your choices are to boot to an external CD/DVD, USB device, or PXE netboot.
For this, I choose to PXE netboot. (I have a few OpenBSD servers around, and all you really need to netboot something is a DHCP server and a tftp server. Both of which are built in to every OpenBSD base install.)
Apparently, because the wireless card is a USB device, you need the “wifid” binary from the default OS to activate the power button to turn it on. So, after wiping it, the only connectivity I had available was via patch cable. The *good* news was that Everex offers a download of the Cloudbook ISO. The bad news is that it’s about 1 GB. I downloaded it, and mounted it with <code> # mkdir /media/cloudbook && mount -o loop Cloudbook.iso /media/cloudbook </code> I then copied the wifid binary to my laptop, and then to a USB flash drive. I also downloaded the netboot installer for the Ubuntu 8.04LTS release, and placed it into the tftp root on my DHCP server. I altered the dhcpd.conf to include the MAC address of the Cloubook and name of the kernel to boot. Installing Ubuntu 8.04LTS via netboot was really fast on the LAN, and finished in about an hour. (without CPU frequency scaling built into the generic kernel, the Cloudbook’s VIA C-7M processor will only run at 600mHz)
After recompiling the kernel, the CPU now runs at 1.2 gHz. The CPU frequency scaling governor is set to “ondemand” by default, so I manually turn it up when connected to AC. <code> # cpufreq-selector -g performance </code>
Oops, when recompiling the kernel, I forgot to enable the sound card. Back to compiling the kernel..
Anyway, if you get stuck, there’s a great forum with lots of helpful information regarding the Cloudbook here: http://www.netbookuser.com . Props to Dimethoxyhead for the CPU scaling information.
Moving Outlook email to Entourage
by Brian on May.14, 2008, under Mac OSX, Windows Info
Shamelessly ripped from O’Reilly…
Microsoft has not yet provided an import function that allows bringing email messages into Entourage (.mbox files) from Outlook (.pst files)
Here is a procedure, which works moving message files from Outlook (or Outlook Express) on Windows XP to Entourage on Mac OS 10.2.
On the PC
1) Open Outlook Express and import the mail folders from Outlook: File/Import/Messages. (This converts the messages in the Outlook .pst file into .mbox format. Using the Outlook Express import utility has the advantage of maintaining the date of the email, which would be lost using the export to a file function within Outlook.
2) In Outlook Express, open an email folder, select messages and drag and drop into a Windows Explorer folder. (The messages will be appended with an .eml extension but they are in a Mbox format readable on Mac).
3) Transfer the folder to the Mac (or open the folder on the Mac if the PC and Mac are networked).
On the Mac
4) Open Entourage. In the Mail folder create a temporary folder and drag and drop the Outlook Express .eml files into the folder (do not try to transfer more than 150 files at a time).
5) The messages are now in Entourage, but each is in a separate folder. To put them in the appropriate folder (such as Inbox), you can search for and select all the messages, then drag and drop into the appropriate folder. Here’s how a) click on the temporary folder; b) go to Edit/Advanced Find from the drop down menu; c) Check the “Include subfolders” box and under Criteria select “Does not contain”, then put in any text not in your email subject line (for example: qqqqqqqqqqqqqqqqqq). All messages should be selected and you can drag and drop to the appropriate folder. Delete the temporary folder, which will now be filled with empty folders.
Just in case you ever run across an Emulex NetQue NQ03…
by Brian on May.04, 2008, under Networking
Thanks to Robert, this post is now new and improved! We’ve got Emulex NetQue03 manuals!
1. The NetQue Command Reference
2. The NetQue User Manual
3. The NetQue Windows NT Installation Guide
ALSO- It appears that we happen to have a perfectly functional Emulex NetQue03 Print Server for sale. If you need one, let me know, and I’ll put you in touch with the owner.
I had to change the default gateway on an Emulex NetQue NQ03 print server last Friday. Thankfully, the default root password was still in place. After logging in via telnet, I realised that I had no idea how to change it. I threw a few *NIX commands at it, and it responded either: Invalid command or Ambiguous command. (or something to that effect..) I’m not sure what OS this thing runs, but it didn’t like *anything* I threw at it. As I am not one to leave a piece of equipment malfunctioning, I *had* to figure this one out.
In any case, here’s what I now know. There is not a manual for this device to be found anywhere online. Emulex doesn’t even *mention* this device on their site in the “legacy products” section. So, log in via telnet. If you’re lucky, the default user account is username ‘admin’ with a blank password. You’ll get to a single shell prompt. (looks like this: > ) Then, to enter priveleged mode, type ‘su’, and hit enter. The default root password for the NQ03 is ‘system’. If you are successful, you’ll see a double shell prompt. (looks like this: >> )
The commands you need to change the default gateway are here:
Enter Username: admin
Enter Password: <enter>
> su
Enter Password: system <enter>
>> change node IP 111.222.333.444 gateway default <enter>
>> sync <enter>
>> sync <enter>
>> init delay 0 <enter>
This will drop your connection and reboot the device immediately. When it comes back, you can log in and issue the ‘show config’ command to verify that the gateway was successfully changed.
NOTE: Emulex has END-OF-LIFED all printer servers (NETJet, NETQue, NETQue Mate, NETQue Pocket, NETQue Pro2, NETQue Token), terminal/communications servers (P2500 series, P3000, P4000, P6000, P8000), remote access servers (ConnectPlus LT and Pro), and WAN adapters (XP, MPC, and DCP series) in the year 2000. No further software nor hardware updates will be provided. Manufacturing has ceased on these products. No new models will replace these products. Support and repair will remain available as a best effort. Emulex is focusing exclusively on Fibre Channel and Network Attached Storage (NAS) connectivity.
to Vista or not to Vista… That seems to be the question…
by Brian on Mar.22, 2008, under Windows Info
You know, the only 2 problems that I have with Vista right now, is that certain features of hacking programs requiring raw open sockets don’t work. (for instance, Nmap cannot send a half-open SYN scan packet out through the Ethernet adapter because it’s stopped by the OS.) I’m sure that that’s considered a feature, it stops the bad guys from doing lots of undesirable things, but it also stops me from finding those holes. It could be argued that these features will no longer be needed due to improvements in the default security stance of their new OSs, but as long as there are 2000 and XP machines out there, I *need* this functionality. It may be possible to allow this behavior through registry-hack or otherwise, but it hasn’t been a pressing enough issue for me to worry about, yet.
The other problem that I have is the forced hardware forklift-upgrade. You really cannot just upgrade your existing machines to use with Vista. This seems to be consistently problematic, and that the best course of action for users would be to purchase new hardware specifically for running Vista.  On a recent implementation, all workstations were bought specifically with running Vista in mind, and all machines behaved perfectly during the migration to a new Active Directory running on SBS 2003 R2. The new “File and Settings Transfer Wizard†is called “Windows Easy transfer†and it works *PERFECTLY*. A HUGE improvement over FSTW.
I’m running 64-bit Vista Ultimate on a Lenovo T61 [T7100] 1.8gHz dual-core with 2Gb of RAM with a 74gb hard disk with Office 2007 Enterprise.
Run it on your workstations, if you get a Windows Experience Index of 3.5 or better, I say do it.
Brian
My list of banned mail servers
by Brian on Sep.16, 2007, under General Info
Just in case anyone cares, here’s the list of servers I refuse to accept mail from. This is a very large list, (over 22,500 hosts and networks) and is fairly restrictive. It covers all IP address space in China, Korea, most of Holland, and many others that have spammed my servers.
If you find yourself listed here, don’t email me. I don’t care. It’s my mailserver, and I’ll accept mail from whomever I please. Â :PÂ Â
P.S. If you are listed here by individual IP address, you suck. Stop spamming people. Loser.
Anyway, here’s the list:
https://cryptednets.org/bannedmailservers.csv
If you use OpenBSD’s PF, and want to use it in a table, copy the list to “/etc/bannedmail” and then you can add the list like so:
# pfctl -t <bannedmail> -T add `cat /etc/bannedmail`
then, just disallow these IP’s from connecting to your mail server:
First, add the table to the pf.conf:
table <bannedmail> persist file "/etc/bannedmail"
and
block drop in quick on $ext_if from <bannedmail> to any
or
rdr on $ext_if proto tcp from !<bannedmail> to $ext_if port 25Â -> $mailserver port 25
Configuring a Cisco PIX 501
by Brian on Jun.28, 2007, under Networking
If you’re using Windows 2000 (service pack 4 and higher), HyperTerminal is included. To access it, go to Start > Programs > Accessories > Communications, and click the HyperTerminal icon. When the program starts, type in “PIX.” At the bottom of the box, select COMÂ 1. In Properties, select 9600 bits per second; data bits: 8; parity: none; stop bits: 1; and flow control: none.
If you’re using the console to configure your PIX for the first time, you should see a message that says:
Pre-configure PIX Firewall now
through interactive prompts? [yes]?
Hit the Control-Z keys, and you’ll see the prompt. The “>” sign tells you that you’re in unprivileged mode, and that you can only view your current configuration. In order to change settings, you’ll have to switch to privileged mode. To do this, type “en” at the prompt. (You’ll see the hash symbol “#” when you’re in privileged mode.) It should look like this:
pixfirewall#
Wait a second: We haven’t entered a password yet. To do this, hit Return again to get to the prompt and enter a password.
Configuration Time
Because your router is “out of the box,” it has no default configuration. It doesn’t know its place in the universe, nor does it know what type of traffic you’d like it to forward or restrict. To tell it these things, we’ll go into “configure terminal” mode (or “conf t” for short). At the prompt, enter:
pixFirewall#config t
Now the prompt should look like this:
pixFirewall (config)#
The router, on the other hand, has no configuration (because we cancelled out of the setup). Any time you’d like to see the configuration, type the following at the command prompt:
pixFirewall(config)# wr tÂ
You should see it spit out something like the following:
PIX Version 6.3(3)
interface ethernet0 auto shutdown
interface ethernet1 100full shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
<— More —>
Hit the space bar to continue, and you should see:
pager lines 24
mtu outside 1500
mtu inside 1500
no ip address outside
no ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00
h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no -server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
[OK]
pixfirewall(config)#
Assigning a Password
Fresh out of the box, a PIX firewall doesn’t have a password, so let’s assign one now. Type “enable password” and then enter a password. In our example, we’ll use the word “techst0ck.”
pixFirewall(config)# enable password techst0ck
Now we’ll bring up those two interfaces, as out of the box, they’re down.
pixFirewall(config)# interface ethernet0 auto
pixFirewall(config)# interface ethernet1 100full
You can see the status of these interfaces by typing:
pixFirewall(config)# show interfaces
That command will give you this:
interface ethernet0 “outside” is up, line protocol is up
Hardware is i82559 ethernet, address is 0011.92c5.6b92
MTU 1500 bytes, BW 100000 Kbit full duplex
28354 packets input, 2040341 bytes, 0 no buffer
Received 28383 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/1)
output queue (curr/max blocks): hardware (0/0) software (0/0)
interface ethernet1 “inside” is up, line protocol is up
Hardware is i82559 ethernet, address is 0011.92c5.6b94
MTU 1500 bytes, BW 100000 Kbit full duplex
246 packets input, 29521 bytes, 0 no buffer
Received 246 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks):
hardware (128/128) software
(0/1) output queue (curr/max blocks):
hardware (0/0) software (0/0)
Now that the interfaces are up, it’s time to assign both an inside and an outside IPÂ address. It is between these two addresses that your PIX will permit or deny traffic, so if this step isn’t done correctly, traffic cannot come in or leave your network correctly.
Let’s assume you assign your outside address dynamically (for instance, your ISPÂ automatically assigns you an IP address). To let your ISP autoassign one, type:
pixfirewall(config)# ip address outside dhcp
If there is a DHCPÂ server upstream from you that is properly configured to lease you an IP address, you’ll get a message similar to this one:
Allocated IP address =12.110.110.91, netmask =255.255.252.0, gateway = 12.110.110.1
If this doesn’t work, then you’ll need to manually assign your IP address on ethernet0. If your ISP told you your IP address is, say, 12.110.110.91/24, then you’d type in this:
pixFirewall(config)# ip address
outside 12.110.110.91
255.255.255.0
Once you’ve finished, you’ll need to set the IP addresses of the inside (ethernet1) interface as well.
pixFirewall(config)# ip address inside 10.1.1.1 255.255.255.0
The 10.x.y.z address we choose is a private IP address (also called a non-routable IP). We could’ve a chosen a wide range of IP addresses (10.0.0.0 through 10.255.255.255; 172.16.0.0 through 172.31.255.255; or 192.168.0.0 through 192.168.255.255), but we arbitrarily chose 10.1.1.0.24.
If everything goes according to plan, type:
pixFirewall(config)# show ip address
You’ll get something like this:
System IP Addresses:
ip address outside 12.110.110.91
255.255.252.0
ip address inside 10.1.1.1
255.255.255.0
Current IP Addresses:
ip address outside 12.110.110.91
255.255.252.0
ip address inside 10.1.1.1
255.255.255.0
Ethernet Considerations
In order for our inside (Ethernet1) and outside (Ethernet0) interfaces to work, they need to be configured properly with global addresses, NATÂ (network address translation), and routing. Without these, your PIX is just a box with two IP addresses and no way to translate inbound traffic to your public IP or public traffic to your internal addresses.
The PIX 501 is the smallest model from Cisco, so we’ll assume that your network isn’t too large. In this example, we’re only going to NAT your one public IP. Theoretically, you can NAT 254, although you’re limited to 10 devices unless you buy an upgrade license.
If you use DHCP, then you’ll need to configure the PIX to route outgoing traffic. Since it’s DHCP, we don’t really know where that is, as our ISP may very well decide to change our IP address without telling us. In this case, we’ll need to type in the following line:
pixfirewall(config)# ip address
outside dhcp setroute
If all went well, you should see something like this:
Allocated IP address =
12.110.110.91, netmask =
255.255.252.0, gateway =
>12.110.110.1
If all didn’t go as planned, you’ll have to manually add your route:
pixFirewall(config)# route outside
0.0.0.0 0.0.0.0 12.110.110.1
To double-check that route, type:
pixFirewall(config)# sh route
And, in the case of our first DHCP example, you should get something similar to the following:
pixfirewall(config)# sh route
outside 0.0.0.0 0.0.0.0
12.110.110.1 1 DHCP static
outside 12.110.110.0
255.255.252.0 66.215.246.91 1
CONNECT static
inside 10.1.1.0 255.255.255.0
10.1.1.1 1 CONNECT static
Now that the PIX knows what to do with outgoing traffic (send it upstream to another router), we now need to give it specific instructions on how to translate traffic between the two interfaces. Use this command to make that happen:pixfirewall(config)# nat (inside) 1
10.1.1.0 255.255.255.0
pixfirewall(config)# global
(outside) 1 interface
If you did this correctly, the second line will give the message:
outside interface address added to PAT pool
Now your PIX has been configured to translate traffic between your public (12.110.110.91) address and your private 10.1.1.0/24 network. The only thing left now is to configure the DHCP server on the internal interface. Doing so will allow the PIX to automatically assign IP addresses to those on your network; similar to the way an ISP automatically assigns IPs to its users. To do this, follow these instructions:
pixfirewall(config)# dhcpd address 10.1.1.32-10.1.1.63 inside
pixfirewall(config)# dhcpd dns 4.2.2.1 4.2.2.2
pixfirewall(config)# dhcpd lease 3600
pixfirewall(config)# dhcpd ping_timeout 750
pixfirewall(config)# dhcpd enable inside
One note on the DHCP server configuration above is that you may have to obtain DNSÂ numbers from your provider. If you don’t have those numbers readily available or aren’t sure what to do, you can use 4.2.2.1 and 4.2.2.2. The only problem is that these numbers might not quickly resolve your Web pages as your own ISP, so you should consider using numbers your ISP provides.
If all has gone well up to this point, computers that are plugged into the back of your PIX (in slots 1 through 4) should have no problem getting on the Internet. In fact, if you go to any of these computers and (assuming you’re running Windows 2000 or Windows XP) go to Start>Run and type “cmd,” you can test the connection. At the prompt, type:
C:ipconfig
Your IP address, which should lie somewhere between 10.1.1.32 and 10.1.1.63, should be displayed if your network settings were configured to obtain an IP automatically. If an IP address showed up, type:
C:ping 10.1.1.1
And you should get a response similar to this:
Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time<10ms TTL=255
Reply from 10.1.1.1: bytes=32 time<10ms TTL=255
Reply from 10.1.1.1: bytes=32 time<10ms TTL=255
Reply from 10.1.1.1: bytes=32 time<10ms TTL=255
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Saving Your Configuration to Memory
If all went well, and your DNS is properly working, you should be able to open your browser and surf the Internet as usual. If that’s the case, let’s proceed to saving the running configuration to memory.
pixFirewall(config)# wr m
Building configuration…
Cryptochecksum: 2083012d dc56002e ebb9e5d3 f405a373
[OK]
Security Considerations
At this point, the question often arises, “How secure am I?” The answer: Not nearly as secure as you’ll ultimately want to be. Thanks to Cisco’s Adaptive Security Algorithm ( ASA), the firewall settings are similar to the default settings of a home Linksys or Netgear router: All outbound traffic is permitted (unless expressly prohibited), and all inbound traffic is denied (unless expressly permitted). Your network will no doubt need much more security than this, so you will need to either read through Cisco’s documentation or hire a networking consultant.
If you’re curious about Cisco’s ASA settings, type in “wr t” from the command line and you’ll see something like this:
Building configuration…
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
In the end, the “security0” and “security100” both specify the security level of each interface. Cisco’s ASA allows traffic to pass from trusted (100) to untrusted (0), but not the reverse. With our configuration, internal traffic can pass freely to the outside because its security level is higher.If you host a Web server, and most, if not all, of your traffic is coming from the outside, how do you let that traffic in? The answer lies with Cisco’s use of Access Control Lists (ACLs). An in-depth look at how ACLs work is beyond the scope of this article, but Cisco’s Using PIX Firewall Commands can help you configure the firewall. And if you’re really stuck, consider hiring a professional network administrator.
At best, poorly configured ACLs can mean sporadic connectivity; at worst, it can mean huge security breaches in your network. What’s especially dangerous for new network administrators is the temptation to do things a certain way because “it works.” In a desperate effort to make things work, they often create ACLs that are too permissive, leaving open big holes for malicious hackers or crackers to exploit.
Just in case you've forgotten…
by Brian on May.31, 2007, under General Info
The 10 Immutable Laws of Computer Security
- If a bad guy can persuade you to run his program on your computer, it’s not your computer any more.
- If a bad guy can alter the operating system on your computer, it’s not your computer any more.
- If a bad guy has unrestricted physical access to your computer, it’s not your computer any more.
- A computer is only as secure as the administrator is trustworthy.
- Weak passwords trump strong security.
- Encrypted data is only as secure as the decryption key.
- An out of date virus scanner is only marginally better than no virus scanner at all.
- If you allow a bad guy to upload programs to your website, it’s not your website any more.
- Absolute anonymity isn’t practical, in real life or on the Web.
- Technology is not a panacea.
Configuring subdomains on IIS
by Brian on Oct.30, 2006, under Windows Info
Configuring the web server for subdomains
Once the DNS server is setup to send the request for the subdomain to the corresponding IP address, the work of the web server begins. The web server needs to be configured appropriately to handle the request for the subdomain based on either the IP address or the host header entry. Host headers are commonly used by web servers to host multiple domains or subdomains on one IP address.
Microsoft Windows IIS : In case of Internet Information Server (IIS), create a new web site for the subdomain using the IIS Manager, and add the subdomain (e.g. subdomain.domain.com) as a new host header value listening to the same IP address as specified in the DNS entry. The port is set to 80 (the default for http requests). The host header can be added by clicking on the advanced tab next to the IP address configuration for that web site application. If the subdomain points to a subdirectory of the web site for the domain, then set the home directory for the subdomain web site to the subdirectory. For example, if the domain.com points to C:Inetpubwwwroot and the subdomain needs to be setup for C:Inetpubwwwrootsubdomain, then the directory for the subdomain website should be set to C:Inetpubwwwrootsubdomain.
Your cell phone does more than you think…
by Brian on Sep.16, 2006, under General Info
Your mobile phone can actually be a life saver or an emergency tool for
survival. Check out the things that you can do with it:
1.) Have an emergency?
The Emergency Number worldwide for **Mobile** is 112 . If you find
yourself out of coverage area of your mobile network and there is an
emergency, dial 112 and the mobile will search any existing network to
establish the emergency number for you, and interestingly this number 112
can be dialed even if the keypad is locked. **Try it out.**
2.) Have you locked your keys in the car?
Does your car have remote keys? This may come in handy someday.
Good reason to own a cell phone:
If you lock your keys in the car and the spare keys are at home, call
someone at home on their cell phone from your cell phone.
Hold your cell phone about a foot from your car door and have the person
at your home press the unlock button, holding it near the mobile phone on
their end. Your car will unlock.
Saves someone from having to drive your keys to you. Distance is no object.
You could be hundreds of miles away, and if you can reach someone who has
the other “remote” for your car, you can unlock the doors (or the trunk).
3.) Hidden Battery power
Imagine your cell battery is very low , you are expecting an important call
and you don’t have a charger. Nokia phones come with a reserve battery.
To activate, press the keys *3370# Your cell will restart with this reserve
and the instrument will show a 50% increase in battery. This reserve will
get charged when you charge your cell next time.
4.) How do I disable a STOLEN mobile phone?
To check your Mobile phone’s serial number, key in the following digits on
your phone:
* # 0 6 #
A 15 digit code will appear on the screen. This number is unique to your
handset. Write it down and keep it somewhere safe. when your phone get
stolen, you can phone your service provider and give them this code. They
will then be able to block your handset so even if the thief changes the SIM
card, your phone will be totally useless.
You probably won’t get your phone back, but at least you know that whoever
stole it can’t use/sell it either.
If everybody does this, there would be no point in people stealing mobile
phones.