Tonight, I noticed my sister log in to Skype. Amber alert because she's at work in the pub and I didn't expect her to be online. I fire up a DOS prompt to see what TCP/IP connections are open:

    C:>netstat -a -b -v -o

      TCP    ferrari:2475    host86-130-14-225.range86-130.btcentralplus.com:41476    ESTABLISHED    384
      C:\WINDOWS\system32\mswsock.dll
      C:\WINDOWS\system32\WS2_32.dll
      C:\Program Files\Skype\Phone\Skype.exe
      -- unknown component(s) --
      [Skype.exe]

With only one person online in my Skype userlist - my sister's client - I have presumed that this is the connection to my sister's client connection in Skype.
Things aren't initially that hopeful: it's a BT Broadband IP, it's national with hundreds of thousands of subscribers, and it will be a real mare to get anywhere through BT Abuse. I call them anyway, and during a 20min phone call find out the procedure. Then, in between eating a Tikka Masala for dinner, the only Skype connection on my laptop changes to this:
      TCP    ferrari:3037    student-halls-leodis-pc012-213.leeds.ac.uk:35388    ESTABLISHED    384
      C:\WINDOWS\system32\mswsock.dll
      C:\WINDOWS\system32\WS2_32.dll
      C:\Program Files\Skype\Phone\Skype.exe
      -- unknown component(s) --
      [Skype.exe]

Now, this seems too much like coincidence. A P2P connection in Skype, that also goes to Leeds where my sister lives? Now for the detective work: it's obviously leeds.ac.uk, and a quick search for "leodis" brings up the Leodis accommodation in Leeds at LS6 2QF.
LS6 2QF fed to Google Earth gives a pretty picture of Leeds which as the crow flies is within half a mile of my sister's flat. Whoah.
Now the leeds.ac.uk IP gives more than enough to go on, and tomorrow my sis will be visiting Leeds ISS to talk about the geography of the IP address. Further to that, she's got the phone number for the Police Constable who came to her flat after the robbery a week ago.
But - and here's my but - Skype is a P2P product, and therefore in theory, ports open on my laptop could as I understand it be from any other Skype client. Being P2P, I'm just a conduit on the network.
Additionally, what if this student accommodation is wireless? If it is the laptop, it could be within a hundred metres or so, which makes things a little less cut and dried. It might explain the two IP addresses however? The laptop is bouncing between two access points?
Could it be that the leeds.ac.uk IP is a red herring? Wouldn't you expect a stolen laptop to get wiped anyway? The location seems more than coincidence. I've phoned my sister at work and she loves the idea that it might turn up; tomorrow she's going into the Uni to find out what they say about the IP address.
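The manual comparison of the two netstat captures above can be scripted. This is an added example, not code from the original post: it parses `netstat -b -o` records and reports which remote endpoints a given executable dropped and gained between two snapshots. The function names and the firefox.exe record are assumptions made for illustration, and, as the post notes, a peer listed for a P2P client may be a relay rather than the contact's own machine.

```python
import re

# Snapshots of `netstat -a -b -v -o` output. The Skype.exe records are the two
# shown in the post; the firefox.exe record is constructed for illustration.
SNAP_1 = r"""
  TCP    ferrari:2475    host86-130-14-225.range86-130.btcentralplus.com:41476    ESTABLISHED    384
  C:\WINDOWS\system32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Skype\Phone\Skype.exe
  -- unknown component(s) --
  [Skype.exe]
  TCP    ferrari:1190    192.0.2.10:80    ESTABLISHED    1520
  [firefox.exe]
"""
SNAP_2 = r"""
  TCP    ferrari:3037    student-halls-leodis-pc012-213.leeds.ac.uk:35388    ESTABLISHED    384
  C:\WINDOWS\system32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\Skype\Phone\Skype.exe
  -- unknown component(s) --
  [Skype.exe]
"""

CONN = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+([A-Z_]+\d?)\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse(text):
    """Return one dict per TCP row; the owner comes from the [exe] line after it."""
    rows, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            local, host, port, state, pid = m.groups()
            current = {"local": local, "host": host, "port": int(port),
                       "state": state, "pid": int(pid), "owner": None}
            rows.append(current)
        elif current is not None and (m := OWNER.match(line)):
            current["owner"] = m.group(1)
            current = None  # module path lines before [exe] are skipped
    return rows

def peers(text, exe):
    """Remote (host, port) pairs of ESTABLISHED connections owned by exe."""
    return {(r["host"], r["port"]) for r in parse(text)
            if r["state"] == "ESTABLISHED" and (r["owner"] or "").lower() == exe.lower()}

def changed_peers(before, after, exe):
    """Return (dropped, new) peer lists for exe between two snapshots."""
    old, new = peers(before, exe), peers(after, exe)
    return sorted(old - new), sorted(new - old)
```

Calling `changed_peers(SNAP_1, SNAP_2, "Skype.exe")` returns the BT endpoint as dropped and the leeds.ac.uk endpoint as new, while the firefox.exe connection is ignored.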