[12009] in bugtraq
Re: ASUS mother board security question...
daemon@ATHENA.MIT.EDU (Ben Ryan)
Mon Sep 27 14:49:07 1999
Message-Id: <19990927033748.6BD771EF36@lists.securityfocus.com>
Date: Mon, 27 Sep 1999 13:38:44 +1000
Reply-To: Ben Ryan <ben@BSSC.EDU.AU>
From: Ben Ryan <ben@BSSC.EDU.AU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Resubmission: Aleph: Not sure if this was rejected or lost last week.
Thought this would be of use for people to understand remote power on
mechanisms on major mobos..
thanks
ben
---------------
> Question from a co-worker that I do not have an answer to... Does anyone
--snip--
> Statement of fact and question(s) below:
> ============================================================
> Recently I built a new computer and I noticed that the ASUS mother board has
> a function (if you are using an ATX power supply) to remotely turn on the
> computer if anything is received on either the LAN or modem ports. It seems
> that anything that triggers an external interrupt line will turn on the
> computer.
>
> Security questions:
>
> 1) am I correct in assuming that anyone who sends a packet to you over the
> Internet will appear on the LAN port if you have a cable modem and if so
> will they have access to your computer?

Data received on modem ports (the PC must be on for the modem to have
an established outgoing connection, so there must be a ring-in event to
activate the PC) should wake up the box if properly enabled and the modem
set up correctly.

Data received on the LAN will not wake up the PC.
The only way to bring up a PC from LAN is if the following conditions are
met:

1) The PC has a Wake On Lan enabled card
2) The PC has a Wake On Lan enabled motherboard (also ATX PSU)
3) WOL feature is enabled in BIOS
4) Your ethernet address receives a directed frame in "Magic Packet"
   format (AMD's terminology, not mine :)) from a local source.

The "wake up on lan event" option in the BIOS is NOT irq driven.
It's a management technology that enables a PC to be woken up from
suspend or sleep when the card receives a specific frame from a
management console. Your cable modem should filter out directed
broadcasts (anyone??).

Hope this clears this issue up, and gives some of the troops out there a
better understanding of the WOL management technology....

regards
ben

SIDELINE RE: NetBoot Schemes (PC9x etc) as discussed by
nick@VIRUS-L.DEMON.CO.UK (Nick Fitzgerald)...

Well done for picking this aspect up... netboot is implemented in Intel
EtherExpress Pro 10/100 adapters... by default.
Great for management, not so good for security or fast booting :(
It can be turned off via an apparently undocumented utility...

________.-~-.________
Ben Ryan, MCP
Systems Administrator
Bendigo Senior Secondary College
Rosalind Park, Bendigo 3550
Australia
Phone +61-(0)3-54431222 ext 259
Mobile +61-(0)417-502-061
email: Ben@bssc.edu.au
URL: http://www.bssc.edu.au/~ben/index.htm
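
Added example, not part of the original post: a check for condition 4 above, i.e. whether a captured frame payload carries a "Magic Packet" for a given NIC. It uses the standard layout of six 0xFF bytes followed by the target MAC address repeated 16 times; the function names and the sample address are made up for the illustration.

```python
# Added example: recognise a "Magic Packet" inside a frame payload.
import re

SYNC = b"\xff" * 6   # synchronisation stream that opens the pattern
REPEATS = 16         # the target MAC follows, repeated 16 times


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}", text):
        raise ValueError("not a MAC address: %r" % text)
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def find_magic_target(payload):
    """Return the MAC a payload would wake, or None if it is not a Magic Packet.

    The pattern may sit anywhere in the payload and may be preceded by
    stray 0xFF bytes, so every candidate offset is tried.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        if len(mac) == 6 and body == mac * REPEATS:
            return mac
        start = payload.find(SYNC, start + 1)
    return None


def would_wake(payload, nic_mac):
    """True only if the payload is a Magic Packet addressed to nic_mac."""
    return find_magic_target(payload) == parse_mac(nic_mac)


# Constructed sample data (not taken from any real capture).
NIC = "00:11:22:33:44:55"
WAKE = b"hdr" + SYNC + parse_mac(NIC) * REPEATS
PADDED = b"\xff" + SYNC + parse_mac(NIC) * REPEATS
OTHER = SYNC + parse_mac("00:11:22:33:44:66") * REPEATS
TRUNCATED = WAKE[:-1]
ORDINARY = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for name in ("WAKE", "PADDED", "OTHER", "TRUNCATED", "ORDINARY"):
        print(name, would_wake(globals()[name], NIC))
```

Only WAKE and PADDED match the sample NIC; a packet for another address, a truncated pattern and ordinary traffic do not.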