1
00:00:01,160 --> 00:00:03,380
The next layer is called the network layer.

2
00:00:05,520 --> 00:00:12,310
Discussing the network layer, we will analyze details of the IP version 4 protocol and we will say a

3
00:00:12,310 --> 00:00:14,500
few words about the IP version 6, too.

4
00:00:17,740 --> 00:00:22,530
Both versions of the protocol are responsible for delivering that protocol to the given address.

5
00:00:25,190 --> 00:00:31,340
One other protocol operating in the network layer is ICMP, and it is used for diagnostic purposes.

6
00:00:33,260 --> 00:00:38,740
Executing a ping command usually results in sending echo packets of the ICMP protocol.

7
00:00:41,680 --> 00:00:48,790
previously discussed Ethernet addressing and MAC addressing, IP numbers are called logical addresses

8
00:00:48,790 --> 00:00:51,910
due to the fact that they're allocated by administrators or users.

9
00:00:57,670 --> 00:01:04,460
The network layer includes routing; therefore IP numbers must be allocated in such a way that data will

10
00:01:04,460 --> 00:01:08,020
be delivered to both correct hosts and correct networks.

11
00:01:11,050 --> 00:01:16,310
An IP number must contain information about the network address and the recipient host's address.

12
00:01:21,570 --> 00:01:30,940
IP version 4 consists of a 32-bit number divided into four octets. Octets are separated by dots.

13
00:01:30,960 --> 00:01:40,940
This is for users' convenience; computers treat it as a uniform byte stream.

14
00:01:40,980 --> 00:01:46,570
You may ask which part of the IP is a network address and which is the host address.

15
00:01:48,860 --> 00:01:55,930
We'll discuss the addressing in greater detail while analyzing the subject of subnetting.

16
00:01:55,990 --> 00:02:00,940
For now, you should only remember that each IP address should be associated with a subnet mask.

17
00:02:04,250 --> 00:02:09,400
The subnet mask specifies which part of the IP is the host address and which is the network address.

18
00:02:10,830 --> 00:02:14,050
The mask is usually given in bits.

19
00:02:14,100 --> 00:02:22,740
Usually the bits for the network address are all set to one.

20
00:02:22,770 --> 00:02:28,910
The last principle of the IP version 4 addressing is that the network address must precede the host address.

21
00:02:30,750 --> 00:02:34,110
In the mask, all ones must come before the first 0.

22
00:02:38,640 --> 00:02:39,400
In the third layer,

23
00:02:39,420 --> 00:02:48,510
IP packets are called datagrams. IP spoofing is as easy as MAC spoofing. There also exists the possibility

24
00:02:48,510 --> 00:02:54,470
of a routing table modification attack, to which IP version 6 is especially vulnerable.

25
00:02:59,640 --> 00:03:00,570
In the network layer,

26
00:03:00,570 --> 00:03:07,470
just as in the second layer, frame headers are not encrypted. IP addresses of both the sender and receiver

27
00:03:07,530 --> 00:03:09,020
are sent as plaintext.

28
00:03:11,820 --> 00:03:14,700
Everyone can read them and even modify them in real time.

29
00:03:18,890 --> 00:03:25,240
The biggest vulnerability of the network layer is IP spoofing, that is, impersonating other IP addresses.

30
00:03:29,990 --> 00:03:36,340
Attackers use this method to hide their hosts. If the administrator notices in the event logs that someone

31
00:03:36,340 --> 00:03:41,710
has scanned his or her system, the IP address of the sender of scanning packets will not always be the

32
00:03:41,730 --> 00:03:43,480
one of the attacker.

33
00:03:43,660 --> 00:03:48,500
It may be a random address or the address of a computer the attacker previously found in the network.

34
00:03:53,210 --> 00:03:55,310
IP is a routable protocol.

35
00:03:56,940 --> 00:04:02,740
And the fact that IP datagrams are so easily routable is the reason why the protocol became so successful.

36
00:04:04,750 --> 00:04:09,510
The IP version 4 protocol has become very popular within just a couple of years.

37
00:04:10,210 --> 00:04:16,070
It has completely replaced competing protocols IPX and SPX, which are now totally forgotten.

38
00:04:19,110 --> 00:04:20,950
When it comes to routing options,

39
00:04:20,970 --> 00:04:28,020
there has been a great deal of change between the fourth and the sixth version of the IP protocol. The IP version

40
00:04:28,020 --> 00:04:33,720
6 protocol configuration is by and large automatic.

41
00:04:33,880 --> 00:04:39,640
This means, for instance, that if a network doesn't include a DHCP server, you still don't have to configure

42
00:04:39,640 --> 00:04:47,000
the IP version 6 protocol manually. A local address will be provided automatically.

43
00:04:49,580 --> 00:04:56,500
And if your router supports IP version 6, global broadcast addresses will also be provided.

44
00:04:56,630 --> 00:05:03,200
This means that the computer reacts in real time to router advertisements. Routers advertise some

45
00:05:03,200 --> 00:05:06,430
packets and the system configuration is adjusted accordingly.

46
00:05:09,130 --> 00:05:11,600
This mechanism gives rise to two risks.

47
00:05:13,570 --> 00:05:16,480
First, it allows attackers to spoof broadcast packets.

48
00:05:19,250 --> 00:05:24,650
The attacker can configure IP version 6 addresses in such a way that your computer will treat every

49
00:05:24,650 --> 00:05:29,080
other machine as a member of the local network.

50
00:05:29,220 --> 00:05:34,030
Usually the network firewall settings are different for local networks and external networks.

51
00:05:34,780 --> 00:05:39,700
And that's how the attacker can very easily change the configuration of a host's network firewall.

52
00:05:42,260 --> 00:05:46,080
The second risk can now be mitigated thanks to network hardware improvements.

53
00:05:47,600 --> 00:05:51,880
But in fact the vulnerability was a consequence of following the RFC standards.

54
00:05:53,910 --> 00:05:58,550
IP version 6 hosts listen and react to packets broadcast by IP version 6 routers

55
00:06:01,620 --> 00:06:09,750
as stated in the RFC. Injecting false routes into the network will block hosts. If you resend a spoofed

56
00:06:09,750 --> 00:06:14,880
broadcast packet with a false routing path a couple of times, it will prevent the target computer from

57
00:06:14,880 --> 00:06:18,520
communicating with the network.

58
00:06:18,530 --> 00:06:24,180
Usually it takes two to five hundred such packets to completely disable the computer.

59
00:06:24,310 --> 00:06:28,300
It will consume 100 percent of the processor usage.

60
00:06:28,300 --> 00:06:33,820
This means that every computer that supports IP version 6, and all modern operating systems do that

61
00:06:33,820 --> 00:06:38,640
by default, can be remotely disabled through such an attack.

62
00:06:38,680 --> 00:06:44,810
You can disable web servers and servers for cloud services. In a while,

63
00:06:44,870 --> 00:06:47,280
we'll show just how easy it is to do that.

64
00:06:47,540 --> 00:06:50,790
But first we'll discuss the second protocol of the network layer.

65
00:06:51,200 --> 00:06:52,520
That's ICMP.