Wake On LAN (WOL, where LAN stands for local area network) is a networking technology that that allows one computing device to boot a remotely located target computing device, even though the target computing device is either turned off or in a power conservation mode. One common wake mechanism that may achieve this remote booting is referred to as a “magic packet”. A magic packet is a broadcast communication packet with a specific header, followed by sixteen instances of the media access control (MAC) address of the target system. A network communications device of the target system receives the packet and determines whether the MAC address matches its own MAC address. Upon determining that the MAC address matches its own address the target system generally turns itself on and starts communicating with the system that initiated the wake event.
Currently, this wake mechanism is insecure. In other words, computing devices or platforms do not sufficiently protect against spurious or malicious wake events. A so-called “sniffer” can monitor the packet sent over the communications network used by the two systems. A malicious person can detect such packets and replay them at a later time. A variation of the wake mechanism is referred to as “magic packet+password”. The “magic packet+password” is similar to a packet of the “magic packet” but includes an additional six-byte password appended to end. While the “magic packet+password” mechanism does have a password, the password is nonetheless sent unencrypted and susceptible to a replay attack in the same manner as the “magic packet”.
Aside from replay attacks, the wake mechanism is insecure in other respects. If the MAC address of the target system is known, anybody within the broadcast domain can wake the system by sending the wakeup packet. While many communication networks may have firewalls which help protect against external threats, one or more computing devices on the internal network may have malfunctioning hardware, malfunctioning software, or software such as virus software that is out of date. In the case of open networks, a virus scanner, which might otherwise handle numerous types of denial of service attacks, may respond too slowly to prevent attacks based on denial of service attacks involving WOL technology.