Wake-on-LAN
This article needs additional citations for verification. (July 2007) |
Wake on LAN (WOL, sometimes WoL) is an Ethernet computer networking standard that allows a computer to be turned on or woken up remotely by a network message.
Technical details
System requirements - PC Compatible
Wake on LAN (WoL) support is implemented on the motherboard of a computer. Most modern motherboards with an embedded Ethernet controller support WoL without the need for an external cable. Older motherboards must have a WAKEUP-LINK header onboard and connected to the network card via a special 3-pin cable; however, systems supporting the PCI 2.2 standard coupled with a PCI 2.2 compliant network adapter typically do not require a WoL cable as the required standby power is relayed through the PCI bus.
PCI version 2.2 has PME (Power Management Events). What this means is that PCI cards can send and receive PME via the PCI socket directly, without the need for a WOL cable [1].
Laptops powered by the Intel 3945 chipset or newer (with explicit BIOS support) allow waking up the machine using wireless (802.11 protocol). This is called Wake on Wireless LAN (WoWLAN)[2].
Wake on LAN must be enabled in the Power Management section of the motherboard's BIOS. It may also be necessary to configure the computer to reserve power for the network card when the system is shutdown.
In addition, in order to get WoL to work it is sometimes required to enable this feature on the card. This can be done in Microsoft Windows from the properties of the network card in the device manager, on the "Power Management" tab. Check "Allow this device to bring the computer out of standby" and then "Only allow management stations to bring the computer out of standby" to make sure it does not wake up on all network activity.
How it works
Wake-on-LAN is not restricted to LAN (Local area network) traffic.
The general process of waking a computer up remotely over a network connection can be explained this way:
The target computer is shut down (Sleeping, Hibernating or Soft Off, i.e. ACPI state G1 or G2), with power reserved for the network card. The network card listens for a specific packet, called the "Magic Packet." The Magic Packet is broadcast on the broadcast address for that particular subnet (or an entire LAN, though this requires special hardware and/or configuration). When the listening computer receives this packet, the network card checks the packet for the correct information. If the Magic Packet is valid, the network card turns on the computer to full power and boots the operating system.
The magic packet is sent on the data link or OSI-2 layer and broadcast to all NICs (within the network of the broadcast address). Therefore, it does not matter whether the remote host has a fixed or dynamic IP-address (OSI-3 layer).
In order for Wake on LAN to work, parts of the network interface need to stay on. This increases the standby power used by the computer. If Wake on LAN is not needed, turning it off may reduce power consumption while the computer is off but still plugged in.[3]
Magic Packet
The Magic Packet is a broadcast frame containing anywhere within its payload 6 bytes of ones (resulting in hexadecimal FF FF FF FF FF FF) followed by sixteen repetitions of the target computer's MAC address.
Since the Magic Packet is only scanned for the string above, and not actually parsed by a full protocol stack, it may be sent as a broadcast packet of any network- and transport-layer protocol. It is typically sent as a UDP datagram to port 0, 7 or 9, or, in former times, as an IPX packet.
Security
Magic packets are sent via the data link or OSI-2 layer, which is not secure and can be used or abused by anyone on the same LAN.
Firewalls may prevent clients within the public WAN from accessing the broadcast address of the private LAN.
Certain NICs support a security feature called "SecureOn". It allows users to store within the NIC a hexadecimal password of 6 bytes. Clients have to append this password to the magic packet. The NIC wakes the system only if the MAC address and password are correct. This security measure significantly decreases the risk of successful brute force attacks:
Still, only a few NIC and router manufacturers seem to support such security features.
TLS Encryption for WOL
Some PCs include technology built into the chipset to improve security for WOL. For example, Intel AMT (a component of Intel vPro technology), includes Transport Layer Security (TLS), an industry-standard protocol that strengthens encryption.[4]
AMT uses TLS encryption to secure an out-of-band communication tunnel to an AMT-based PC for remote management commands such as WOL. AMT secures the communication tunnel Advanced Encryption Standard (AES) 128-bit encryption and RSA keys with modulus lengths of 2048 bits.[5][6] Because the encrypted communication is out-of-band, the PC’s hardware and firmware receive the magic packet before network traffic reaches the software stack for the operating system (OS). Since the encrypted communication occurs “below” the OS level, it is less vulnerable to attacks by viruses, worms, and other threats that typically target the OS level.[7]
IT shops using WOL through the Intel AMT implementation can wake an AMT PC over network environments that require TLS-based security, such as IEEE 802.1x, Cisco Self Defending Network (SDN), and Microsoft Network Access Protection (NAP) environments.[8] The Intel implementation also works for wireless networks.[9]
See also
References
- ^ http://xlife.zuavra.net/index.php/60/
- ^ http://www.intel.com/network/connectivity/resources/doc_library/tech_brief/wowlan_tech_brief.pdf Intel Centrino Mobile Technology Wake on Wireless LAN
- ^ http://www.lesswatts.org/tips/ethernet.php Less Watts: Ethernet Tips & Tricks
- ^ "Intel vPro Technology FAQ". Intel. Retrieved 2008-05-12.
- ^ "Advanced Encryption Standard (AES) Instructions Set". Intel. Retrieved 2008-04-06.
- ^ "Hardening Measures Built into Intel Active Management Technology". Intel. Retrieved 2008-06-11.
- ^ "Intel Centrino 2 with vPro technology and Intel Core2 processor with vPro technology" (PDF). Intel. Retrieved 2008-08-07.
- ^ "Intel Centrino 2 with vPro technology and Intel Core2 processor with vPro technology" (PDF). Intel. Retrieved 2008-08-07.
- ^ "Intel Centrino 2 with vPro technology and Intel Core2 processor with vPro technology" (PDF). Intel. Retrieved 2008-08-07.
Additional resources
- Troubleshooting Remote Wake-up Issues Useful WOL troubleshooting information from Intel
- AMD's Magic Packet Technology white paper Publication# 20213
- Wake-on-LAN white paper by Philip Lieberman Describes the IBM / Intel alliance that created Wake-on-LAN
- SmallNetBuilder Guide to Set up WOL
- Wake-on-LAN History and How To Guide
- Wake-on-LAN Security Best Practices (Microsoft, 2008)