If you use subnet-directed broadcast as the transmission method for sending wake-up packets, all intervening routers between the primary site server and client computers must allow IP-directed broadcasts. To help mitigate the security risks associated with this configuration, take these additional configuration steps:
- Configure Wake On LAN in Configuration Manager 2007 to use a nondefault port number.
- Configure routers to only allow IP-directed broadcasts from the site server, using the nondefault port number you configured in Configuration Manager 2007.
The security risks associated with subnet-directed broadcasts are that an attacker could send continuous streams of Internet Control Message Protocol (ICMP) echo requests from a falsified source address to the directed broadcast address, causing all the hosts to reply to that source address. This type of denial of service attack is commonly called a smurf attack and is typically mitigated by not allowing subnet-directed broadcasts.
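To check that the router restriction above is actually in effect, flow records collected at the router can be audited for directed-broadcast traffic that does not match the one permitted case. The following is an added example, not Microsoft's code; the site server address, port number, client subnets, record format and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed environment values (placeholders, not from the original page).
SITE_SERVER = ipaddress.ip_address("192.0.2.10")
WOL_PORT = 12287  # the nondefault UDP port configured for Wake On LAN
CLIENT_SUBNETS = [
    ipaddress.ip_network("10.1.20.0/24"),
    ipaddress.ip_network("10.1.30.0/23"),  # broadcast is 10.1.31.255, not 10.1.30.255
]

# Derive directed-broadcast addresses from the real prefix lengths
# instead of guessing from a trailing ".255".
DIRECTED_BROADCASTS = {net.broadcast_address for net in CLIENT_SUBNETS}


def classify(flow):
    """Return 'not-broadcast', 'allowed' or 'violation' for one flow record."""
    if ipaddress.ip_address(flow["dst"]) not in DIRECTED_BROADCASTS:
        return "not-broadcast"
    from_site_server = ipaddress.ip_address(flow["src"]) == SITE_SERVER
    is_wol = flow["proto"] == "udp" and flow.get("dport") == WOL_PORT
    return "allowed" if from_site_server and is_wol else "violation"


def audit(flows):
    """Return the flows that the router policy should have dropped."""
    return [f for f in flows if classify(f) == "violation"]


# Constructed sample flow records.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "10.1.20.255", "proto": "udp", "dport": 12287},  # permitted wake-up
    {"src": "192.0.2.10", "dst": "10.1.20.255", "proto": "udp", "dport": 9},      # not the configured port
    {"src": "203.0.113.7", "dst": "10.1.31.255", "proto": "icmp", "dport": None},  # echo to broadcast
    {"src": "10.1.20.15", "dst": "10.1.31.255", "proto": "udp", "dport": 12287},   # not the site server
    {"src": "192.0.2.10", "dst": "10.1.20.44", "proto": "udp", "dport": 12287},    # unicast
    {"src": "192.0.2.10", "dst": "10.1.30.255", "proto": "udp", "dport": 12287},   # host address in the /23
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print("directed broadcast outside policy:", f)
```

Any flow reported by `audit` means a router on the path forwarded a directed broadcast it should have dropped.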
Tasks
- How to Configure the Ports Used for Wake On LAN
- How to Configure Wake On LAN for Unicast or Subnet-Directed Broadcast

Concepts
- About Subnet-Directed Broadcast Wake-Up Packets for Wake On LAN
- Choose Between Unicast and Subnet-Directed Broadcast for Wake On LAN