Wake On LAN Security Best Practices
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Use unicast for sending wake-up packets Unicast is more secure than subnet-directed broadcasts because the packet is sent directly to a computer rather than to all computers on a subnet. However, unicast will not work in all environments. For more information, see Choose Between Unicast and Subnet-Directed Broadcast for Wake On LAN.
If you must use subnet-directed broadcasts, configure routers to allow IP-directed broadcasts only from the site server and only on a non-default port number Subnet directed broadcasts are vulnerable to smurf attacks. Limiting the broadcasts to a trusted source, the site server computer, and a non-default UDP port, help to mitigate the risk. For more information, see Secure Routers for Subnet-Directed Broadcasts for Wake On LAN.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.