RE: Wake-On-LAN security

[Mike Fetherston <mike_sha () shaw ca>]

Hi Hylton and Chris,

WOL works by sending a specially crafted packet to the NIC's MAC address.
See this Wikipedia article for more information on how this works:
http://en.wikipedia.org/wiki/Wake-on-LAN

I've only seen WOL dis/enabled through the system BIOS.  If it's a PCI card
there is, more often than not, a cable that connects the PCI NIC to the
motherboard.  This is how the NIC can turn the PC on when WOL is enabled.
If you don't see it in your BIOS then your system may not support WOL, or
you may need a BIOS upgrade to see the option become available.

Since this operates on Layer 2, it can be filtered by placing a Layer 3
device in front of the PC.

Mike Fetherston


> -----Original Message-----
> From: Hylton Conacher(ZR1HPC) [mailto:hylton () conacher co za]
> Sent: Tuesday, July 11, 2006 11:59 AM
> To: Security basics
> Subject: Re: Wake-On-LAN security
>
> Chris Largret wrote:
> > On Fri, 2006-07-07 at 11:59 +0200, Hylton Conacher(ZR1HPC) wrote:
> >
> > > What command or procedure could be used by a hacker coming through my
> > > ADSL connection into the switch to wake up machines plugged into the
> > > switch that have Wake-On-LAN nics?
> > >
> > > How could I prevent the machines from waking up, besides turning off the
> > > switch or unplugging the network cable?
> >
> > I'm not familiar with the process of remotely turning on computers over
> > the LAN (never had the need to), but I have had the ability to
> > enable/disable it in most of my system BIOSs. That would be the first
> > place to check.
> Thanks Chris, I'll have a look in the BIOS. The NIC is however a PCI
> unit by Genius (model GF100YXR4). When I hardware installed the card I
> cannot remember seeing any switches or toggles.
>
> If I don't come right on finding a solution in the BIOS, I rever to the
> list as the OS is SuSE 9.2 on which I am an almost total newbie to the
> command line.
>
> Tnx
> Hylton
> P.S: I am subscribed to the security basics list so no need to Cc me.
> --
> ========================================================================
> Currently using SuSE 9.2 Professional with KDE and Mozilla 1.7.2
> Linux user # 229959 at http://counter.li.org
> ========================================================================
>
>
> --------------------------------------------------------------------------
> -
> This list is sponsored by: SensePost
>
> Hacking, like any art, will take years of dedicated study and
> practice to master. We can't teach you to hack. But we can teach you
> what we've learned so far. Our courses are honest, real, technical
> and practical. SensePost willl be at Black Hat Vegas in July. To see
> what we're about, visit us at:
>
> http://www.sensepost.com/training.html
> --------------------------------------------------------------------------
> -




---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

http://www.sensepost.com/training.html
---------------------------------------------------------------------------