Re: WOL & Magic packet

Dan_Aykroyd
Fledgling

Re: WOL & Magic packet

Well, well... I've enabled telnet in my WPN824 v2 and tried to follow your steps but I think the router is missing the neigh command, I could only use the 'add' one, but it only takes 2 parameters: IP and MAC. Added the IP through there and of course, after a while, it was still flushed. Would it be possible to add a permanent IP cache in this router? How? Inside the arp command, I have: add, delete, flush and show - nothing else...

On a side note, I noticed that I could telnet my router via my dynamic IP... i.e., anyone brute forcing routers would get inside pretty easily! What the hell.... I've changed the password but I still think it's a huge hole now...

On the bright side, I could remotely "re-add" the IP and MAC I wanted to wake up and then send the magic packet. Guess what, it worked! I think a messy solution would be that one: telnet, add IP & MAC - bam, I could magic packet the sucker. What I still haven't tried though is if I need to re-enable telnet after the router restarts, if the changed password resets also, etc...

Any comments are more than welcome! Let me know what you think: 1) could I permanently create the ARP record (even if it lasts until the router restarts) 2) about telnetting the router and security issues here...
Message 226 of 250
Mars Mug
Virtuoso

Re: WOL & Magic packet

Dan_Aykroyd wrote:
On a side note, I noticed that I could telnet my router via my dynamic IP... i.e., anyone brute forcing routers would get inside pretty easily! What the hell.... I've changed the password but I still think it's a huge hole now...


One of the reasons I don’t use my Netgear router (WNDR4000) as a router (it’s my wireless access point only), there are also other functional reasons why I don't use it as a router.

This sort of issue has been reported several times on these forums for different model routers. Some are secure, some are not so secure.

Have you passed this info on to Tech Support (I suggest via e-mail)?
Message 227 of 250
Dan_Aykroyd
Fledgling

Re: WOL & Magic packet

Well, I haven't contacted Tech support because I'm just still researching into this, but in any case, "enabling" the telnet with the "telnetEnable" for NetGear (Google it) was pretty easy. I mean, the parameters were IP, MAC address, Gearguy Geardog (user / pass), although I used the LAN MAC address, I don't know if it may also work using the WAN one (I don't think so, that would be a mess).

In any case... I don't care at all about advanced security and networking theory applied in my house, mainly because I have only one computer connected to the router. All I want is to WoL it via WAN using this router. So.. what's the worst that could happen if somebody gained telnet access to my router? If you may, I'd really like to hear about some attacks / dangers / whatever scenarios of what might happen, and then balance that to see if I care and if it applies to me or not.

Thanks folks
Message 228 of 250
Mars Mug
Virtuoso

Re: WOL & Magic packet

Dan_Aykroyd wrote:
I don't know if it may also work using the WAN one (I don't think so, that would be a mess).


I got the impression that is what you meant when you referred to your Dynamic IP.
Message 229 of 250
Dan_Aykroyd
Fledgling

Re: WOL & Magic packet

Hmmm there are two different things:

- As I said and you understood OK, I can access the router via telnet using my dynamic IP from work to my home
- Before doing that, you have to "enable" telnet on the router by running that command I posted before: telnetEnable.exe. I've done this inside home, but I wonder if that would also enable telnet on the router if instead of using 192.168.1.1, I would use my dynamic IP and external / internal MAC address (an attacker could know the internal string, either by sniffing it in my remote tries, or a friend that came home and took a look at it ;) )

By the way, this command enables telnet until the router reboots. After that, you need to run it again. So one "solution" would be to telnet remotely, WoL the PC, issue a reboot command. The negative side is that every time I get home I have to remember to enable telnet, or I won't be able to WoL again (that is, if I can't enable it remotely, which I hope I don't!)

In any case, I hope somebody would tell me some examples of what type of "bad" stuff could happen if they gained access to telnet my router. And of course... if it's possible to add a "permanent" (I mean, until the router reboots) arp entry just to wake my computer, it would be great.

Thanks again
Message 230 of 250
fordem
Mentor

Re: WOL & Magic packet

Dan_Aykroyd wrote:
In any case... I don't care at all about advanced security and networking theory applied in my house, mainly because I have only one computer connected to the router. All I want is to WoL it via WAN using this router. So.. what's the worst that could happen if somebody gained telnet access to my router? If you may, I'd really like to hear about some attacks / dangers / whatever scenarios of what might happen, and then balance that to see if I care and if it applies to me or not.

Thanks folks


If someone can telnet into your router, chances are they can use your router to telnet into someone else's, so when the authorities trace the hack attempt back to its "source", guess whose door they're knocking on...

How about changing your encryption keys and connecting to your network, they aren't necessarily interested in you, your computer or its contents, but simply having an entry point to the internet that doesn't trace back to them.

It's actually attitudes like yours that have led to the support for ip directed broadcast being disabled (ip directed broadcast is what is required for WoL to be correctly used over a WAN) - you don't care what happens as long as you can do what you want - well - a million users like you with ip directed broadcast enabled allows one cracker to use the routers as a SMURF amplifier and create havoc with DrDoS attacks.

You want horror stories? I can give you those too - and you'd be surprised how far the FBI can reach when they choose, and they WILL choose if someone uses your network to send a threatening email to certain addresses.

I live in a third world republic - where the FBI has no jurisdiction - but that didn't stop a gentleman here from being detained and every computer in his business confiscated because such an email was tracked back to his ip address - he was released a few days later, and his equipment returned a few days after that and "thanked" for his co-operation - but are you willing to risk that?

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 231 of 250
Dan_Aykroyd
Fledgling

Re: WOL & Magic packet

fordem wrote:
If someone can telnet into your router, chances are they can use your router to telnet into someone else's, so when the authorities trace the hack attempt back to its "source", guess whose door they're knocking on...

How about changing your encryption keys and connecting to your network, they aren't necessarily interested in you, your computer or its contents, but simply having an entry point to the internet that doesn't trace back to them.

It's actually attitudes like yours that have led to the support for ip directed broadcast being disabled (ip directed broadcast is what is required for WoL to be correctly used over a WAN) - you don't care what happens as long as you can do what you want - well - a million users like you with ip directed broadcast enabled allows one cracker to use the routers as a SMURF amplifier and create havoc with DrDoS attacks.

You want horror stories? I can give you those too - and you'd be surprised how far the FBI can reach when they choose, and they WILL choose if someone uses your network to send a threatening email to certain addresses.

I live in a third world republic - where the FBI has no jurisdiction - but that didn't stop a gentleman here from being detained and every computer in his business confiscated because such an email was tracked back to his ip address - he was released a few days later, and his equipment returned a few days after that and "thanked" for his co-operation - but are you willing to risk that?


Thanks for your insights on the matter fordem, really, you are a very knowledgeable guy. It's not that I just plain "don't care", but I'd like to know the risks involved in just being able to wake up my computer from work, and then balance that against the benefits.

I also live in a third world country and rest assured that there are more odds of a meteor striking me and resurrecting the dinosaurs in the process than the FBI getting me for just being a home user whose router was telneted. There is pretty much no jurisdiction here yet on digital issues (pirate software is sold in retail stores), so unless the men in black come knock on my door out of a black hawk... that won't happen.

So with this said... the only thing that worries me is if they could get to my computer and such. I'm running Windows 7 with the default firewall on it and only inbound port opened.

For example... could they SMB my folders / drives? I don't know, those are some crazy ideas that pop up in my head right now, and truly the only thing that bothers me at all.

Again, if I could have the arp permanent (please comment on this!) unless until the router reboots, that would be awesome! I know that a correctly sent magic package wouldn't care about the mac address but... the thing is that it just works for my scenario and that's all I want.

Thanks fordem, please keep commenting, you are truly a genius from what I've read and you like to share your knowledge with us. Thanks man :)
Message 232 of 250
fordem
Mentor

Re: WOL & Magic packet

Dan_Aykroyd wrote:

I also live in a third world country and rest assured that there are more odds of a meteor striking me and resurrecting the dinosaurs in the process than the FBI getting me for just being a home user whose router was telneted. There is pretty much no jurisdiction here yet on digital issues (pirate software is sold in retail stores), so unless the men in black come knock on my door out of a black hawk... that won't happen.


You've just described Guyana - and the FBI were here - don't be so sure it can't happen where you are.

If they can get to your router, they can forward whatever ports are necessary to get access to whatever they want.

Permanent or static arp - that is one way to do it - but if you do that, I will guarantee that you will come to regret it - one day when you have forgotten how & why you did such a thing, it will come back to bite you.

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 233 of 250
Dan_Aykroyd
Fledgling

Re: WOL & Magic packet

Thanks. So, is there a way to issue a command to add a permanent (i.e. until reboot) ARP entry with the commands I have available (NetGear WPN824v2). I'd just like to try for myself to see if it works and then decide what to do. Thanks
Message 234 of 250
fordem
Mentor

Re: WOL & Magic packet

Sorry - I've never used a WPN824 - I have no idea what commands it accepts - have you tried arp -s?

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 235 of 250
Dan_Aykroyd
Fledgling

Re: WOL & Magic packet

arp -s is a valid command for the Windows arp.exe, but my router only accepts the following commands: add, delete, flush and show. "add" takes an IP and a MAC address, nothing more. If I add the IP using it, it gets flushed after a while from the router (it's not permanent).
Message 236 of 250
pgsmick
Novice

Re: WOL & Magic packet

Please don't shoot me for this--I really have no desire to hijack this very informative thread. But it occurs to me that there are a number of people here who just seem to want to turn their PCs on or off from the Internet--and they may not care whether it's WOL or something else that gets the job done.

For these folks: there are some pretty cool internet addressable POWER switches available for not a whole lot of money--possibly the same $ as for a business router. Google: Insteon SmartLinc (which is the webserver part of the system I've used), and then there are a bunch of different independently controllable modules for actually switching the PC power on and off, dimming lights and the rest of the home automation stuff. It's a totally different tack that really has no place in this forum except that it looked like it might be helpful.

That's all I have to say about that.
Message 237 of 250
Mars Mug
Virtuoso

Re: WOL & Magic packet

Don't panic, I’ve mentioned that sort of thing before, in this thread and others;

http://forum1.netgear.com/showpost.php?p=329388&postcount=153

http://forum1.netgear.com/showpost.php?p=330763&postcount=199
Message 238 of 250
crazeeangel
Aspirant

Re: WOL & Magic packet

To those concerned with security issues regarding enabling telnet I would note that the telnet interface is only available on the local ethernet ports and not the adsl internet connection. I have tested this on my system from a remote location and it is not possible to connect to telnet despite this being enabled on the router. This may of course vary for different models but is certainly the case with the N300 on which my wol instructions were based. If in doubt with a different model it would be easy enough to test remotely and, if found accessible, easily disabled by reboot. In most cases this would of course wipe out your static arp settings as well.

I am writing this message via remote desktop connection to my PC which I have just woken up via wake on wan and I can access telnet via the RDP but definitely not via the internet from my work PC where I am running the RDP connection :)
Message 239 of 250
fordem
Mentor

Re: WOL & Magic packet

crazeeangel wrote:
To those concerned with security issues regarding enabling telnet I would note that the telnet interface is only available on the local ethernet ports and not the adsl internet connection. I have tested this on my system from a remote location and it is not possible to connect to telnet despite this being enabled on the router.


Dan_Aykroyd wrote:
On a side note, I noticed that I could telnet my router via my dynamic IP... i.e., anyone brute forcing routers would get inside pretty easily! What the hell.... I've changed the password but I still think it's a huge hole now...


That excerpt from Dan_Aykroyd's post is what has led to the discussion on security issues & telnet - now - I haven't tested it personally, and for all I know, he tested from inside the network using the dynamic ip - but I do know that on other brands I can be very specific and tell the router where I want to allow telnet access from - inside/outside - a single ip address, a subnet or the entire world.

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 240 of 250
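The remote test discussed in the two posts above, written out as an added example (not code from any poster in this thread): it checks whether the router's management ports answer on the WAN address. The function names and the default port list (telnet 23, plus the 8080 remote-admin port mentioned later in the thread) are assumptions for illustration.

```python
import socket

# Ports named in this thread; adjust to what your own router exposes.
MANAGEMENT_PORTS = {23: "telnet", 8080: "remote administration"}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service reachable
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: nothing listening
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def audit_wan_exposure(wan_host, ports=MANAGEMENT_PORTS, timeout=3.0):
    """Probe each management port; return {port: (service_name, state)}."""
    return {port: (name, probe_tcp(wan_host, port, timeout))
            for port, name in sorted(ports.items())}


def exposed_ports(results):
    """Ports that accepted a connection and therefore need attention."""
    return [port for port, (_, state) in results.items() if state == "open"]


if __name__ == "__main__":
    import sys
    # Pass your own public IP or dynamic-DNS name as the first argument.
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <your-wan-address>")
    report = audit_wan_exposure(sys.argv[1])
    for port, (name, state) in report.items():
        print(f"{port:>5}/tcp  {name:<22} {state}")
    if exposed_ports(report):
        print("Management interface reachable from this vantage point.")
```

Run it from a connection that is genuinely outside the LAN (a phone hotspot, for instance): a probe of the public address from inside the network may be answered by the router's LAN side and does not show what the internet sees.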
Asystole
Novice

Re: WOL & Magic packet

bernaci wrote:
Hello Techfoxx,

Would you mind sending me the list of devices which you tested and on which WoL worked from the Internet, using NATing to the Broadcast address and Port Forwarding?

tks a lot
Bernard


Purchase a Dlink DIR-655 router. Wake on LAN and WAN works perfectly. It does not have a WoL config page. You can, however, use the virtual servers page to create a rule that forwards inbound from the internet on port 9 to an internal address of 192.168.0.255 (for instance) on port 9 on the intranet. Have been using it for over a year now, and it works perfectly.

I have a Dell Zino HTPC. Through the configuration of the BIOS and the NIC, the NIC stays awake EVEN WHEN THE MACHINE IS POWERED OFF! You can see this if, when the machine is off, the lights on the card (where the RJ-45 cable is connected to the computer) are still on.

I can turn off my machine, and I can power it up from anywhere in the world. At least, until I replaced the router with the WNDR4500. Now I'm out of luck
Message 241 of 250
selkov
Aspirant

Re: WOL & Magic packet

Purchase a Dlink DIR-655 router. Wake on LAN and WAN works perfectly. It does not have a WoL config page. You can, however, use the virtual servers page to create a rule that forwards inbound from the internet on port 9 to an internal address of 192.168.0.255 (for instance) on port 9 on the intranet. Have been using it for over a year now, and it works perfectly.


Asystole,
Can you please help me out. I have a dir-655 also but can not get it to work. Could you verify the version # and the firmware please?
Also if you forwarded screen shots of the various set up pages to me it might also be of help.....cuetipper at yahoo.

thanks for your help.
Message 242 of 250
selkov
Aspirant

Re: WOL & Magic packet

I solved this! YEAAAAAAAAAAAA!

Last night I installed the newest firmware 1.35na onto my version 1 DIR-655. Followed instructions supplied here and it worked! In fact I can power on my pc from my windows phone as well.....coooool.


PS...when using a packet sender OR Depicus be sure to set the subnet mask to 255.255.255.255.
Message 243 of 250
jljeeper
Tutor

Re: WOL & Magic packet

Netgear1-9A-Z wrote:
Hi getafix and welcome to the forum. :D

Here is workaround provided by TeckFoxx.

Since most Netgear routers won't allow you to forward to the subnet's broadcast address when it ends in 255....what you need to do is change the subnet of the router so it changes the broadcast address.

Now in that section you will see something that says 'LAN TCP/IP Setup' and just below it it says 'IP Subnet Mask'. What you need to do is change the IP Subnet Mask to 255.255.255.128.

Now when you create a Wake-on-Lan port forwarding rule, use 192.168.0.127 as the IP address. This will cause the WOL packet to be broadcast to the subnet and this should cause your computer to boot up.

http://www.depicus.com/wake-on-lan/wake-on-lan-gui.aspx

Peace


This doesn't work on the WNDR3700. It just tells you that 192.168.1.127 is an invalid address after you change subnet to 255.255.255.128. Same message you get when you use 192.168.1.255 for broadcast in the 255.255.255.0 mask.
Message 244 of 250
rayhawk0
Aspirant

Re: WOL & Magic packet

jljeeper wrote:
This doesn't work on the WNDR3700. It just tells you that 192.168.1.127 is an invalid address after you change subnet to 255.255.255.128. Same message you get when you use 192.168.1.255 for broadcast in the 255.255.255.0 mask.


I have a WNDR3700v3. It worked for me. This is what I did:

In Advanced
Lan setup:
-change subnet to 255.255.255.128
-change ending ip address for the DHCP server to 192.168.1.126

In Advanced Setup
Port Forwarding / Port Triggering:
Setup WOL on port 9 to internal IP 192.168.1.127

No errors.

Could it be that you put 192.168.1.127 in your ending DHCP address rather than .126?

Maybe this only works on V3?

If that's the case, the good news is that if you have V1 or V2, you can install DD-WRT on it which has a WOL feature.

Once you have DD-WRT on it, you just have to enable remote administration of your router, log in to it from outside your network (via the internet), and then you can use your router to send the WOL packet.

You can do this from any web browser. Even most smartphones will load up the router page.

Let me know how it goes.
Message 245 of 250
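An added example (not code from any poster in this thread) of the arithmetic behind the subnet workaround above: with mask 255.255.255.128 the broadcast address becomes .127, the DHCP pool must end below it, and the payload forwarded on port 9 is the standard magic packet. Function names, the sample MAC and the demo addresses are constructed for illustration.

```python
import ipaddress
import socket


def magic_packet(mac):
    """Wake-on-LAN payload: 6 bytes of 0xFF, then the target MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + raw * 16


def check_forward_plan(router_ip, netmask, forward_target, dhcp_end):
    """Return a list of problems with a 'forward UDP 9 to broadcast' setup."""
    net = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    target = ipaddress.ip_address(forward_target)
    end = ipaddress.ip_address(dhcp_end)
    problems = []
    if target != net.broadcast_address:
        problems.append(f"{target} is not the broadcast address of {net} "
                        f"(that is {net.broadcast_address})")
    if end not in net or end >= net.broadcast_address:
        problems.append(f"DHCP range end {end} must be a host address below "
                        f"{net.broadcast_address}")
    return problems


def send_on_lan(mac, broadcast, port=9):
    """Send the magic packet as a UDP broadcast from a host inside the LAN."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))


if __name__ == "__main__":
    # Constructed sample values matching the settings described in the post.
    for mask, target, dhcp_end in [
        ("255.255.255.128", "192.168.1.127", "192.168.1.126"),  # as posted
        ("255.255.255.128", "192.168.1.127", "192.168.1.127"),  # DHCP end too high
        ("255.255.255.0",   "192.168.1.127", "192.168.1.126"),  # mask not changed
    ]:
        issues = check_forward_plan("192.168.1.1", mask, target, dhcp_end)
        print(mask, target, dhcp_end, "->", issues or "OK")
    print(len(magic_packet("00:11:22:33:44:55")), "byte magic packet")
```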
rayhawk0
Aspirant

Re: WOL & Magic packet

Well.... My router took the 192.168.1.127 port forward rule using a 192.168.1.128 subnet, but it seems that once the ARP cache clears, the WOL via the internet stops working. The router refuses to broadcast.

I guess when the router receives the WOL packet it just doesn't forward it because the MAC address info in the packet does not match anything in the router's ARP table...

So.... I'm returning it. I already picked up a netgear wndr4000 which does support dd-wrt. Through the dd-wrt remote interface I should be able to send a wol packet because dd-wrt has this option.

It basically becomes true Wake-On-Lan, and is not Wake-On-Wan any more. Doesn't really matter to me. Same end result. I'll be able to remotely wake up my pc by going to http://myaddress:8080, logging in and then using the router's interface to send a WOL packet.
Message 246 of 250
techozy
Aspirant

Re: WOL & Magic packet

So ain't there just a way to ask Netgear to add an "enable broadcast from WAN to LAN" button on our routers?
Why the heck can you forward a service to a broadcast address in Netgear's admin interfaces for routers if it won't work anyway?
I'm pretty sure this should not be too hard to do.

I'm now stuck with 4x FVS318G all together with VPN and a really not happy customer... Thanks Netgear.
Message 247 of 250
don544
Aspirant

Re: WOL & Magic packet

Message 248 of 250
iefbo
Aspirant

Re: WOL & Magic packet

just tried to get WOL working on my WNDR3700 (not sure what version)
been looking at all posts and material available on the Internet

seems like installing dd-wrt is only way out ... or??
would you guys suggest going down that path?
what about performance? Will I notice any difference?
what are the risks? can I go back to Netgear firmware?

this is disappointing ...
Message 249 of 250
xr280xr
Aspirant

Re: WOL & Magic packet

Netgear1-9A-Z wrote:
Hi getafix and welcome to the forum. :D

Since most Netgear routers won't allow you to forward to the subnet's broadcast address when it ends in 255....what you need to do is change the subnet of the router so it changes the broadcast address.



Thanks for pointing this out. The fact that it will allow you to use the broadcast address for smaller subnets got me wondering, "is this just an arbitrary rule?" I used Firebug in Firefox to circumvent the validation that prevents using a .255 address for port forwarding. Disclaimer: do this at your own risk. It saved correctly and seems to also be forwarding correctly because internally I can now wake my computer using my public IP address. I still can't from the internet which makes me think one of my routers is ignoring my packets.
Message 250 of 250