Wake on LAN

Started by deanwebb, August 28, 2017, 08:19:30 AM

Previous topic - Next topic

deanwebb

Hello, anyone out there that has experience with Wake on LAN products? I'd like to learn some more about how the devices appear to an outside host and if there's any way that a scanner could determine if the device is truly offline or just waiting for a WOL "magic packet".
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

SimonV

I suppose it's difficult to probe as it uses UDP packets. Don't think it even sends a response.

Quite a bit of references on the Wiki page: https://en.wikipedia.org/wiki/Wake-on-LAN

deanwebb

Right, so if it sends no response, a packet scanner gets no info that it's active on that port.

Unless the scanner sends a magic packet, in which case it learns the device is in fact there, but also screws up the whole reason WOL exists...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: deanwebb on August 28, 2017, 11:08:18 AM
Right, so if it sends no response, a packet scanner gets no info that it's active on that port.

Unless the scanner sends a magic packet, in which case it learns the device is in fact there, but also screws up the whole reason WOL exists...

wouldn't you want the scanner to WOL the PC so it can be scanned?
or you just want to see if WOL is enabled without actually waking the thing up?
:professorcat:

My Moral Fibers have been cut.

deanwebb

The latter. Kind of like a kindergarten teacher making sure all the kids are taking their naps and that none have been kidnapped and replaced with strategically-arranged pillows.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

#5
using your compliance manager, create a policy for WOL, run report to see who is not in compliance?
make non-compliant devices compliant. Then you know all devices are compliant.
:professorcat:

My Moral Fibers have been cut.

deanwebb

Not so easy in NAC, though. We're in the business of making sure that in between compliance checks, devices stay compliant. Also, as devices come out of the WOL state, they can be groggy, which gets them NACd if they're not careful. Knowing when a device is in a WOL state can help keep it from getting NACd as it wakes up.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Quote from: deanwebb on August 28, 2017, 11:08:18 AM
Right, so if it sends no response, a packet scanner gets no info that it's active on that port.

Unless the scanner sends a magic packet, in which case it learns the device is in fact there, but also screws up the whole reason WOL exists...

Not immediately. The system would need to POST then boot the OS enough to load the LAN drivers. Then if your server is in a different network it would only get a response after a second packet like a ping and when the target system is able to send a packet to the default gateway destined for the the server / nac.

deanwebb

Well, still, WOL is to keep devices dark until needed.

NAC doing a port sweep with a magic packet wakes up devices that were supposed to be sleeping and, the next day, we see a datacenter guy ask, "Hey, why am I seeing these power spikes every hour?"
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.