1 00:00:00,330 --> 00:00:06,750 Now that we've discussed address classes in IP version four, we're going to continue the discussion
2 00:00:06,750 --> 00:00:15,180 looking at special addresses such as the local broadcast address, loopback addresses and other special
3 00:00:15,180 --> 00:00:18,570 addresses that you'll encounter in IP version four.
4 00:00:18,750 --> 00:00:25,920 We'll also look at network masks and CIDR, or classless inter-domain routing, and we'll see how that
5 00:00:25,920 --> 00:00:31,200 affects the network and host portion of addresses in IP version four.
6 00:00:32,560 --> 00:00:39,460 So now let's look at some of the special addresses that you'll encounter in your networking career.
7 00:00:39,850 --> 00:00:43,420 The first one is directed broadcast address.
8 00:00:43,690 --> 00:00:52,600 A directed broadcast address is used by hosts to send data to all devices on the specific subnet or
9 00:00:52,600 --> 00:00:56,880 specific network. In directed broadcast addresses,
10 00:00:56,890 --> 00:01:02,440 the entire host portion of the address is populated with binary ones.
11 00:01:02,440 --> 00:01:17,140 So as an example, if we have a network of 172.31.0.0, the directed broadcast address is 172.31.255.255.
12 00:01:17,500 --> 00:01:20,530 Notice, because this is a class B address,
13 00:01:20,530 --> 00:01:28,150 the first two octets denote network and the last two octets denote host portion of the address.
14 00:01:28,390 --> 00:01:32,470 So the host portion is filled with binary ones.
15 00:01:32,560 --> 00:01:41,560 255 in decimal equates to eight binary ones, so the host portion is therefore populated with binary
16 00:01:41,560 --> 00:01:44,530 ones in both the third and fourth octet.
17 00:01:44,740 --> 00:01:50,470 So the address now becomes 172.31.255.255.
18 00:01:50,860 --> 00:01:59,080 Routers can be configured to route directed broadcasts, but by default, directed broadcasts are not
19 00:01:59,080 --> 00:02:06,070 routed from one physical interface to another physical interface or from one VLAN to another VLAN.
20 00:02:06,730 --> 00:02:15,490 There are hacking utilities that you can download and use to launch denial of service attacks or DDoS
21 00:02:15,490 --> 00:02:23,170 attacks by using directed broadcasts and thus for security reasons, it's recommended that the forwarding
22 00:02:23,170 --> 00:02:25,900 of directed broadcasts be disabled.
23 00:02:25,900 --> 00:02:33,400 This is the default on modern versions of the Cisco IOS, so routers and switches will not forward directed
24 00:02:33,400 --> 00:02:38,800 broadcasts from one VLAN to another or route them from one interface to another interface.
25 00:02:39,160 --> 00:02:41,050 So here's a sample network.
26 00:02:41,050 --> 00:02:53,830 Notice this device 172.31.20.1 is on network 172.31.0.0. 172 is a class B network.
27 00:02:53,830 --> 00:03:02,260 So the network portion of the address is 172.31 and the host portion of the address is 0.0.
28 00:03:02,900 --> 00:03:13,310 This device is sending a directed broadcast to 172.31.255.255 using a hacking tool such as Smurf
29 00:03:13,310 --> 00:03:14,450 as an example.
30 00:03:14,630 --> 00:03:19,670 In other words, it's sending a broadcast to this subnet,
31 00:03:19,670 --> 00:03:22,490 172.31.0.0.
32 00:03:23,170 --> 00:03:30,730 Now a router or switch configured to forward directed broadcasts will forward that directed broadcast
33 00:03:30,790 --> 00:03:35,500 to network 172.31.0.0.
34 00:03:35,860 --> 00:03:45,490 And all devices on that subnet, including this device 172.31.0.1, will receive that broadcast.
35 00:03:45,580 --> 00:03:52,330 So all hosts on that segment will receive the directed broadcast and will accept it.
36 00:03:52,330 --> 00:03:57,760 So in other words, the network interface cards will accept the broadcast and forward it to higher layer
37 00:03:57,760 --> 00:03:59,260 protocols for processing.
38 00:03:59,290 --> 00:04:06,220 The CPUs of every device will be interrupted to process the directed broadcast.
39 00:04:06,610 --> 00:04:13,840 Now, normally, attackers would send the directed broadcast from the device that they want to attack.
40 00:04:13,840 --> 00:04:17,740 In other words, they may be using a different IP address.
41 00:04:17,740 --> 00:04:21,279 For example, 172.16.0.10.
42 00:04:21,279 --> 00:04:29,110 But if they wanted to attack this device 172.16.0.1, they would send directed broadcasts to the
43 00:04:29,110 --> 00:04:33,040 subnet 172.31.0.0.
44 00:04:33,040 --> 00:04:41,470 In other words, they would launch lots of traffic with a source IP address of 172.16.0.1 to
45 00:04:41,470 --> 00:04:46,030 destination 172.31.255.255.
46 00:04:46,030 --> 00:04:55,150 All devices on this subnet would then reply back to the source address 172.16.0.1, causing a denial
47 00:04:55,150 --> 00:04:57,940 of service attack on that device.
48 00:04:58,150 --> 00:05:05,350 So a hacker is getting legitimate hosts on the network to cause a denial of service attack on another
49 00:05:05,350 --> 00:05:06,970 host on the network.
50 00:05:07,150 --> 00:05:13,780 Now, once again, directed broadcasts are not permitted by Cisco devices these days to prevent these
51 00:05:13,780 --> 00:05:17,020 kinds of attacks using applications such as Smurf.
52 00:05:17,020 --> 00:05:23,980 Smurf is an example of an application that allows you to launch denial of service attacks using directed
53 00:05:23,980 --> 00:05:25,030 broadcasts.
54 00:05:25,540 --> 00:05:33,310 That's not as common today because routers and switches drop directed broadcast traffic by default.