Hello, anyone out there that has experience with Wake on LAN products? I'd like to learn some more about how the devices appear to an outside host and if there's any way that a scanner could determine if the device is truly offline or just waiting for a WOL "magic packet".
I suppose it's difficult to probe as it uses UDP packets. Don't think it even sends a response.
Quite a bit of references on the Wiki page: https://en.wikipedia.org/wiki/Wake-on-LAN
Right, so if it sends no response, a packet scanner gets no info that it's active on that port.
Unless the scanner sends a magic packet, in which case it learns the device is in fact there, but also screws up the whole reason WOL exists...
Quote from: deanwebb on August 28, 2017, 11:08:18 AM
Right, so if it sends no response, a packet scanner gets no info that it's active on that port.
Unless the scanner sends a magic packet, in which case it learns the device is in fact there, but also screws up the whole reason WOL exists...
Wouldn't you want the scanner to WOL the PC so it can be scanned?
Or you just want to see if WOL is enabled without actually waking the thing up?
The latter. Kind of like a kindergarten teacher making sure all the kids are taking their naps and that none have been kidnapped and replaced with strategically-arranged pillows.
Using your compliance manager, create a policy for WOL, run a report to see who is not in compliance?
Make non-compliant devices compliant. Then you know all devices are compliant.
Not so easy in NAC, though. We're in the business of making sure that in between compliance checks, devices stay compliant. Also, as devices come out of the WOL state, they can be groggy, which gets them NACd if they're not careful. Knowing when a device is in a WOL state can help keep it from getting NACd as it wakes up.
Quote from: deanwebb on August 28, 2017, 11:08:18 AM
Right, so if it sends no response, a packet scanner gets no info that it's active on that port.
Unless the scanner sends a magic packet, in which case it learns the device is in fact there, but also screws up the whole reason WOL exists...
Not immediately. The system would need to POST then boot the OS enough to load the LAN drivers. Then if your server is in a different network it would only get a response after a second packet like a ping and when the target system is able to send a packet to the default gateway destined for the server / NAC.
Well, still, WOL is to keep devices dark until needed.
NAC doing a port sweep with a magic packet wakes up devices that were supposed to be sleeping and, the next day, we see a datacenter guy ask, "Hey, why am I seeing these power spikes every hour?"
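The thread's two observations, that a sleeping host never answers a probe and that a scanner's own magic packet is what wakes it (and causes the hourly power spikes above), can be turned into a detection: instead of probing, watch the wire for magic packets and record who is waking which host. The following is an added example, not code from the thread or any product discussed in it. It assumes the standard magic-packet layout documented on the Wikipedia page linked above (six 0xFF bytes, then the target MAC repeated sixteen times, optionally followed by a 4- or 6-byte SecureOn password), and the datagrams it inspects are constructed for the demonstration.

```python
"""Passive detection of Wake-on-LAN magic packets in captured UDP traffic.

Added example, not code from the thread. Assumes the magic-packet layout
documented on the Wikipedia page linked in the thread: six 0xFF bytes
followed by the target MAC repeated sixteen times, optionally followed by
a 4- or 6-byte SecureOn password. All datagrams below are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

SYNC = b"\xff" * 6
MAC_LEN = 6
REPEATS = 16
MAGIC_LEN = len(SYNC) + MAC_LEN * REPEATS   # 102 bytes without a password


@dataclass(frozen=True)
class MagicPacket:
    target_mac: str      # "aa:bb:cc:dd:ee:ff"
    password_len: int    # 0, 4 or 6 (SecureOn)


def parse_magic_packet(payload: bytes) -> Optional[MagicPacket]:
    """Return the parsed magic packet, or None if payload is not one.

    The sync stream may sit anywhere in the payload, so every occurrence
    is tried until one is followed by sixteen identical MAC copies.
    """
    for idx in range(0, len(payload) - MAGIC_LEN + 1):
        if payload[idx:idx + len(SYNC)] != SYNC:
            continue
        mac = payload[idx + len(SYNC): idx + len(SYNC) + MAC_LEN]
        if mac == SYNC:
            continue  # an all-0xFF "MAC" is just more sync bytes, not a NIC
        if payload[idx + len(SYNC): idx + MAGIC_LEN] != mac * REPEATS:
            continue
        trailing = len(payload) - (idx + MAGIC_LEN)
        return MagicPacket(mac.hex(":"), trailing if trailing in (4, 6) else 0)
    return None


Datagram = Tuple[str, int, bytes]   # (source IP, UDP destination port, payload)


@dataclass(frozen=True)
class WakeEvent:
    source_ip: str
    dst_port: int
    target_mac: str
    secure_on: bool
    expected_asleep: bool   # True when the target is a host we want kept dark


def audit_wol_traffic(datagrams: Iterable[Datagram],
                      sleeping_macs: Iterable[str]) -> List[WakeEvent]:
    """Report every magic packet seen and whether it targets a host that
    is supposed to stay asleep (the hourly-power-spike case)."""
    asleep = {m.lower() for m in sleeping_macs}
    events: List[WakeEvent] = []
    for src, port, payload in datagrams:
        pkt = parse_magic_packet(payload)
        if pkt is None:
            continue
        events.append(WakeEvent(src, port, pkt.target_mac,
                                pkt.password_len > 0,
                                pkt.target_mac in asleep))
    return events


def _magic(mac: str, password: bytes = b"") -> bytes:
    """Build a magic-packet payload; used only to construct the samples below."""
    return SYNC + bytes.fromhex(mac.replace(":", "")) * REPEATS + password


# Constructed sample capture: what a SPAN port or NAC sensor might see.
SAMPLE_DATAGRAMS: List[Datagram] = [
    ("10.0.0.5", 9, _magic("00:11:22:33:44:55")),                      # wakes a dark host
    ("10.0.0.9", 7, _magic("aa:bb:cc:dd:ee:ff", b"secure")),            # SecureOn, 6-byte password
    ("10.0.0.53", 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 96),      # ordinary UDP, same length
    ("10.0.0.5", 9, SYNC + bytes.fromhex("001122334455") * 15),        # malformed: only 15 repeats
]
SLEEPING_HOSTS = ["00:11:22:33:44:55"]   # hosts the NAC expects to stay in the WOL state

if __name__ == "__main__":
    for ev in audit_wol_traffic(SAMPLE_DATAGRAMS, SLEEPING_HOSTS):
        flag = "WAKES A DARK HOST" if ev.expected_asleep else "ok"
        print(f"{ev.source_ip} -> udp/{ev.dst_port} wakes {ev.target_mac} "
              f"(SecureOn={ev.secure_on}) {flag}")
```

Because the parser matches on payload layout rather than port, it catches magic packets sent to the usual ports 0, 7 and 9 as well as any other port a scanner chooses; feeding it the UDP payloads from a span-port capture and correlating source addresses against the NAC's own scanner is enough to answer the "why the power spikes every hour" question without sending a single probe.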