Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

PXE remote boot a PC that has been shut down

Posted on 2004-08-04
5
Medium Priority
?
975 Views
Last Modified: 2008-02-01
Hello discussion board experts!

I have a question about a remote boot PXE scenario that I would like resolved since I believe there is a hacker in our network who is somehow remote booting shut down workstations.  Here is the situation:

Last night when I left my office at 5:30 PM I completely shutdown a Dell Optiplex GX260 workstation.  The OS is Windows 2000 Pro and the hardware in question is an Intel PRO/1000 network card.  When I came back in this mroning, the machine was off, but DURING THE NIGHT between 9:00 PM and 5:00 AM the machine had been powered on and the administrator account had logged in (this information was logged in the event log for the system).  I know the power was turned off on the PC from the front panel, but I did not unplug the network cable.  Here is the question I have:  Is it possible to remotely boot a PC that has been powered down from the front panel using PXE?  If so, does this require that the PC had previously been set up as a remote boot client or can it be done completely without creating any remote boot RAMdisk or floppy etc?  I need to know because I would like to find out if someone is actually coming in and physically turning on the workstation or if the machine has been compromised and somehow the PXE boot is happening.

Any and all help would be greatly appreciated!

Cameron R. Williams
Information Technologist
Michigan State University
will1082@msu.edu
0
Comment
Question by:will1082
  • 2
4 Comments
 
LVL 2

Expert Comment

by:si_j
ID: 11719260
Here it sounds like you need to configure it in the BIOS and probably on the network card too: http://www.webopedia.com/TERM/P/PXE.html

If you are the Administrator, disable it in the BIOS if not required (and indeed possible) and also disable it in the Network card too. Put a strong password on the BIOS and change your Administrator PW to a new strong pw.

Scan for Viruses (trend micro housecall?) and spyware (spybot search&destroy) if you feel the sytem may be compromised.

If you really think someone is physically coming in and switching the computer on then do something like leave a chair in front of the on switch and see if it moves by marking where it is, taking a photo to check for change, leaving a webcam or something similar.
0
 
LVL 1

Accepted Solution

by:
Thops earned 2000 total points
ID: 11719376
It could be possible but allso stoped.

There is a utility to configure the Intel NIC and close down the wake on lan feature, you should allso look in the computers bios settings and make shure that the computer makes a complete shutdown when you press the button. It could be that it's now uses standby och something like that.

Take a look here and se if it's any help

http://downloadfinder2.intel.com/scripts-df/Detail_Desc.asp?strState=LIVE&ProductID=412&DwnldID=1305
0
 
LVL 5

Expert Comment

by:XSINUX
ID: 12266345
In the Dell Bios of GX260 there are time settings for Auto Power on. Ensure that this Setting is Turned off. If not you will experience all similiar issues.
Ensure Auto Power On ....................................................... Disabled ( Enter to Selcted and Left and Right Arrow Key to Change Settings )
PRESS F2 TO DELL BIOS.

SETTINGS FOR AUTO POWER ON
AUTO POWER ON MDOE ARE --> DISABLE / EVERYDAY / WEEKDAYS
AUTO POWER ON TIME --> 00:00

Hope this Helps

Cheers
Sinu
0
 
LVL 1

Expert Comment

by:Thops
ID: 12551989
Hi

As the NIC isn´t integrated i think the best way is to stop any Wake on Lan attempts before they reach further in to the system. I think my solution to configure the NIC not to respond is the way to go.

As i can se si_j gives a general anwer that he/she don´t know if its´s possible to use on the actual machine.

My answer points to the download of the utility that can shut down the WoL function on the NIC that was specified. I know that it works, i have used this myself.

XSINUS on the other side knows the BIOS, but i´m not shure that the suggestion will solve the problem if it´s a case of WoL.

In my oppinion, my answer is the one that solves the problem and should be regarded as the right one.

Regards
Thops
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question