great, don't forget that Intel's Nightshade mboard, with the integrated NIC that does Wake on LAN, can also be put to sleep with an IP packet. these will most likely suffer the same problem. now all of your trusted IPsec Intel NICs are asleep. where did your network logging and IDS's go? oh yeah... nowhere. :) have a nice day, folks.
Actually, having access to a cryptochip would possibly facilitate protection against this kind of attacks. You could design a protocol for decently secure sleep-on-LAN using shared secrets (between client and management server). Thus only the management server would have to be trusted, and if it gets cracked you're done for anyway... (Note: I dont' say that Intel does this, and it's probably not in the wake-on-LAN specs (I haven't checked, though) but it would be possible.)
