Wake-up call
The WOL message can be included in a wide range of protocols because it does not have any further requirements and can be placed anywhere in the Ethernet frame. Simple UDP, however, is best suited. Unlike Ethernet frames, UDP packets can be routed, allowing them to cross any distance through the internet. A number of software tools for Linux, Windows, and DOS create such packets, sending them either as a UDP broadcast or to a fixed IP address, usually addressed to the UDP discard port 9.
However, a properly pre-configured router will not react to these wake-up calls because it will not pass any traffic from outside into the internal network. But a port-forwarding entry can be used to get simple hardware routers to pass on an incoming WOL packet to the LAN. The trick is to pass on all UDP packets that reach a certain port (any port above 50,000 will do, for example) to the correct address: either the MAC address of the computer to be woken up or the Ethernet broadcast address ff:ff:ff:ff:ff:ff.
The first method only works with a few routers because most models can only have IP addresses, not MACs, as the destination for port-forwarding. The ARP (Address Resolution Protocol) handles the assignment of IP to MAC. The router uses it to ask the network which MAC handles that IP address. It will only receive an answer if the computer is completely awake because the PC does not recognize any IP addresses in the sleep mode and hence does not respond to ARP queries. While the router does remember previous queries for some time (ARP cache), the MAC address of the computer to be woken up will not necessarily be in the cache any longer when it is needed to wake up the computer.
Therefore, this procedure is only useful for routers that can send port-forwarding to a MAC address (instead of to an IP address) or handle static ARP entries (i.e., assignments do not change). In all other models, the magic packet is not sent specifically to the computer to be switched on, but is sent to all computers as an Ethernet broadcast. Only the computer with the MAC address contained in the magic packet will react to the contents of the packet.
Most routers produce an Ethernet broadcast when they need to pass on the packet to the IP broadcast address. The address is always the highest one in the local subnetwork and therefore depends on the network mask. In a typical network with the network mask 255.255.255.0, the address would be 192.168.1.255. The router's IP stack converts this IP broadcast into an Ethernet broadcast, and the packet reaches all the PCs in the LAN. When a router's UDP port is redirected to an internal broadcast address, the incoming UDP packet becomes an Ethernet frame that all of the computers in the LAN receive.
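The packet and the broadcast address described above, as an added Python example that is not part of the original article. It assumes the standard magic-packet layout (six 0xFF bytes followed by the target MAC repeated 16 times), which the article does not spell out; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

SYNC = b"\xff" * 6  # synchronisation stream that opens every magic packet

def parse_mac(mac: str) -> bytes:
    """Turn 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw

def magic_packet(mac: str) -> bytes:
    """6 x 0xFF followed by the target MAC repeated 16 times (102 bytes)."""
    return SYNC + parse_mac(mac) * 16

def subnet_broadcast(host_ip: str, netmask: str) -> str:
    """Highest address of the subnet that host_ip/netmask belongs to."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    return str(net.broadcast_address)

def woken_mac(payload: bytes):
    """Return the MAC a network card would match in payload, or None."""
    # The pattern may sit at any offset, so scan instead of checking byte 0.
    pos = payload.find(SYNC)
    while pos != -1:
        mac = payload[pos + 6:pos + 12]
        if len(mac) == 6 and payload[pos + 6:pos + 102] == mac * 16:
            return mac.hex(":")
        pos = payload.find(SYNC, pos + 1)
    return None

def send_wol(mac: str, host_ip: str, netmask: str, port: int = 9) -> None:
    """Send the magic packet as a UDP broadcast to the discard port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (subnet_broadcast(host_ip, netmask), port))

if __name__ == "__main__":
    # Constructed sample values; replace with your own LAN settings.
    print(subnet_broadcast("192.168.1.10", "255.255.255.0"))
    print(woken_mac(b"junk" + magic_packet("00:11:22:33:44:55") + b"tail"))
```

woken_mac can also be run over captured UDP payloads on the forwarded port to tell genuine wake-up packets from other traffic arriving there.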
Those who use a Linux firewall instead of a hardware router have to do things differently. The current netfilter rule set (iptables) refuses to redirect packets to broadcast addresses. But there is a way to break the rules:
0001_SuPeRcAlIfRaGiLiStIcExPiAlLeGoRic
redirects WOL packets to an IP address not otherwise in use (192.168.1.254) in the local network. The router then uses its ARP table to decide to which MAC address this packet should be sent. A static ARP entry ensures that the targeted UDP packet becomes an Ethernet broadcast:
0002_SuPeRcAlIfRaGiLiStIcExPiAlLeGoRic
Unfortunately, both of these approaches have a drawback: this configuration allows anyone on the internet to wake up the computer in the local network. Simply waking up the computer does not, however, constitute a security hazard and will only cost a few cents an hour for power. What's more disconcerting is that potential attackers would now be able to send UDP packets with arbitrary content into your local network. Although it is unlikely that they will be able to find a vulnerability in this way, such packets could be used for communication with clients already taken over. If the IP range from which wake-up packets are accepted is limited, security increases considerably.