1
00:00:00,510 --> 00:00:07,290
Now that we've discussed address Klosters in IP version 4 we're going to continue the discussion looking

2
00:00:07,410 --> 00:00:15,840
at special addresses such as the local broadcaster trace loopback addresses and other special addresses

3
00:00:16,050 --> 00:00:18,720
that you'll encounter in IP version 4.

4
00:00:18,990 --> 00:00:25,890
We also look at network mosques and Sajda or close listening to the main routing and we'll see how that

5
00:00:26,040 --> 00:00:32,740
affects the network and host portion of addresses in IP version 4.

6
00:00:32,750 --> 00:00:39,690
So now let's look at some of the special addresses that you'll encounter in your networking Korea.

7
00:00:40,040 --> 00:00:48,020
The first one is directed broad cost address a directed broad cost address is used by hosts to send

8
00:00:48,020 --> 00:00:57,980
data to all devices on the specific subnet or specific network in direct broadcast addresses the entire

9
00:00:57,980 --> 00:01:02,680
host portion of the address is populated with binary ones.

10
00:01:02,720 --> 00:01:12,470
So as an example if we have a network of 172 docked thirty one 0.0 the directed broadcast address is

11
00:01:12,580 --> 00:01:20,650
1 7 to Dr 31 to 2 5 5 2 2 5 5 notice because this is a class be it race.

12
00:01:20,720 --> 00:01:28,460
The first two octets denotes network and the last two octets denotes host portion of the address.

13
00:01:28,640 --> 00:01:37,450
So the host portion is filled with binary ones 255 in decimal equates to eight binary ones.

14
00:01:37,520 --> 00:01:44,820
So the host portion is therefore populated with binary ones in both the third and fourth octet.

15
00:01:45,020 --> 00:01:54,470
So the address now becomes 1 7 2 or 3 1 2 2 4 5 2 2 4 5 rodders can be configured to route directed

16
00:01:54,500 --> 00:02:01,790
broadcasts but by default directed broadcasts are not routed from one physical interface to another

17
00:02:01,790 --> 00:02:06,540
physical interface or from one villain to another villain.

18
00:02:06,860 --> 00:02:15,470
They are hacking utilities that you can download and use to launch denial of service attacks or decrease

19
00:02:15,530 --> 00:02:23,180
attacks by using directed fraud costs and thus for security reasons it's recommended that the forwarding

20
00:02:23,300 --> 00:02:26,140
of directed proved costs be disabled.

21
00:02:26,150 --> 00:02:30,590
This is the default on modern versions of the Cisco IOS.

22
00:02:30,680 --> 00:02:36,680
So routers and switches will not forward directed broadcasts from one villain to another we'll run them

23
00:02:36,680 --> 00:02:38,980
from wanting to face to another interface.

24
00:02:39,380 --> 00:02:41,230
So he has a sample network.

25
00:02:41,240 --> 00:02:53,700
Notice that this device 170 or 30 1.0 that one is on network 1 7 2 0 or 31 0 0 1 7 2 is a Class B network

26
00:02:54,050 --> 00:03:02,300
so the network portion of the address is 170 to 31 and the host portion of the address is 0.0.

27
00:03:03,140 --> 00:03:12,560
This device is sending a directive to broadcast to 1 7 2 or 31 or 255 255 using a hacking tool such

28
00:03:12,560 --> 00:03:14,840
as Smurf as an example.

29
00:03:14,870 --> 00:03:23,370
In other words it's sending a broadcast to this subnet 1 7 2.30 1.0 its era.

30
00:03:23,390 --> 00:03:30,590
Now a router will switch configured to forward directed broadcasts will forward that directed broadcast

31
00:03:31,070 --> 00:03:43,430
to network 1 7 2 or 31 0.0 and all devices on that subnet including this device 173 1.0 that one will

32
00:03:43,430 --> 00:03:45,780
receive back to port cost.

33
00:03:45,860 --> 00:03:52,550
So it all hosts on that segment will receive the directed broadcast who will accept it.

34
00:03:52,550 --> 00:03:57,770
So in other words the network interface cards will accept the broadcast and forward it to highlight

35
00:03:57,800 --> 00:04:06,850
protocols for processing the s.p use of every device will be interrupted to process the directed broadcast.

36
00:04:06,860 --> 00:04:13,700
Now normally attackers would say and the directed broadcast from the device that they want to attack

37
00:04:14,120 --> 00:04:17,860
in other words they may be using a different IP address.

38
00:04:17,900 --> 00:04:21,430
For example one 1:53 16.00 or ten.

39
00:04:21,510 --> 00:04:28,610
But if they wanted to attack this device one 17:16 zero or one they would say and directed broadcasts

40
00:04:28,790 --> 00:04:33,280
to the subnet one 1:53 at 31 that 0.0.

41
00:04:33,290 --> 00:04:42,590
In other words they would launch lots of traffic with a source IP address of one 17:16 0 to 1 to destination

42
00:04:42,680 --> 00:04:46,110
1 7 2 30 1 2 5 5 2 4 5.

43
00:04:46,190 --> 00:04:51,760
All devices on the subnet would then reply back to the source address.

44
00:04:51,790 --> 00:04:58,340
One 17:16 0 to 1 causing a denial of service attack on that device.

45
00:04:58,370 --> 00:05:05,420
So a hacker is getting legitimate hosts on the network to cause a denial of service attack on another

46
00:05:05,420 --> 00:05:07,370
host on the network.

47
00:05:07,370 --> 00:05:14,060
Now once again directed broadcasts are not permitted by Cisco devices these days to prevent these kind

48
00:05:14,060 --> 00:05:17,240
of attacks using applications such as smurf.

49
00:05:17,240 --> 00:05:24,050
Smurf is an example of an application that allows you to launch a denial of service attacks using directed

50
00:05:24,050 --> 00:05:25,640
broadcasts.

51
00:05:25,760 --> 00:05:33,170
That's not as common today because the rod isn't switches drop directed broadcast traffic by default.