460 Chapter 11 ■ Secure Network Architecture and Securing Network Components
Table 11.4 IP classes' default subnet masks

Class   Default subnet mask   CIDR equivalent
A       255.0.0.0             /8
B       255.255.0.0           /16
C       255.255.255.0         /24
Note that the entire Class A network of 127 was set aside for the loopback address, although only a single address is actually needed for that purpose.
Another option for subnetting is to use Classless Inter-Domain Routing (CIDR) notation. CIDR uses mask bits rather than a full dotted-decimal notation subnet mask. Thus, instead of 255.255.0.0, a CIDR is added to the IP address after a slash, as in 172.16.1.1/16, for example. One significant benefit of CIDR over traditional subnet-masking techniques is the ability to combine multiple noncontiguous sets of addresses into a single subnet. For example, it is possible to combine several Class C subnets into a single larger subnet grouping.

If CIDR piques your interest, see the CIDR article on Wikipedia or visit the IETF's RFC for CIDR at http://tools.ietf.org/html/rfc4632.
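The following is an added example, not code from the book, showing the mask-to-prefix conversions from Table 11.4, the meaning of a /16 written after a host address such as 172.16.1.1/16, and the combining of several Class C networks into one larger CIDR block. It uses only Python's standard ipaddress module; the sample addresses are constructed for illustration. It goes one step beyond the text by also showing that only aligned, adjacent blocks collapse into a single prefix.

```python
import ipaddress

# Constructed sample inputs (not taken from the book).
SAMPLE_CLASS_C_BLOCKS = [
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",
]


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted-decimal mask to its CIDR prefix length (255.255.0.0 -> 16).

    ip_network rejects masks whose one bits are not contiguous, so a bogus
    mask such as 255.0.255.0 raises ValueError instead of being accepted.
    """
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def prefix_to_mask(prefix: int) -> str:
    """Convert a CIDR prefix length to dotted-decimal form (/24 -> 255.255.255.0)."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def is_valid_mask(mask: str) -> bool:
    """True only for a contiguous run of ones followed by zeros."""
    try:
        mask_to_prefix(mask)
        return True
    except ValueError:
        return False


def describe(host_with_prefix: str) -> dict:
    """Expand a host address in CIDR form (e.g. 172.16.1.1/16) into its network facts."""
    iface = ipaddress.ip_interface(host_with_prefix)
    net = iface.network
    return {
        "address": str(iface.ip),
        "netmask": str(net.netmask),
        "prefix": net.prefixlen,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        # Network and broadcast addresses are not assignable to hosts on /30 and larger.
        "usable_hosts": net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses,
    }


def aggregate(cidrs) -> list:
    """Collapse adjacent, properly aligned networks into the fewest CIDR blocks.

    Four consecutive Class C networks starting on a /22 boundary become one /22;
    blocks that are not aligned on a common boundary are returned unchanged.
    """
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0"):
        print(f"{mask:<16} -> /{mask_to_prefix(mask)}")
    print(describe("172.16.1.1/16"))
    print(aggregate(SAMPLE_CLASS_C_BLOCKS))
    print(aggregate(["192.168.1.0/24", "192.168.2.0/24"]))  # not aligned: stays two blocks
```

The last call is the caveat a network engineer should remember: 192.168.1.0/24 and 192.168.2.0/24 are adjacent but straddle a /23 boundary, so no single prefix covers exactly those two networks.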
ICMP and IGMP are other protocols in the Network layer of the OSI model:

ICMP  Internet Control Message Protocol (ICMP) is used to determine the health of a network or a specific link. ICMP is utilized by ping, traceroute, pathping, and other network management tools. The ping utility employs ICMP echo packets and bounces them off remote systems. Thus, you can use ping to determine whether the remote system is online, whether the remote system is responding promptly, whether the intermediary systems are supporting communications, and the level of performance efficiency at which the intermediary systems are communicating. The ping utility includes a redirect function that allows the echo responses to be sent to a different destination than the system of origin.
Unfortunately, the features of ICMP were often exploited in various forms of bandwidth-based denial-of-service (DoS) attacks, such as ping of death, smurf attacks, and ping floods. This fact has shaped how networks handle ICMP traffic today, resulting in many networks limiting the use of ICMP or at least limiting its throughput rates. Ping of death sends a malformed ping larger than 65,535 bytes (larger than the maximum IPv4 packet size) to a computer to attempt to crash it. Smurf attacks generate enormous amounts of traffic on a target network by spoofing broadcast pings, and ping floods are a basic DoS attack relying on consuming all of the bandwidth that a target has available.
You should be aware of several important details regarding ICMP. First, the IP header protocol field value for ICMP is 1 (0x01). Second, the type field in the ICMP header defines the type or purpose of the message contained within the ICMP payload. There are more than 40 defined types, but only 7 are commonly used (see Table 11.5). You can find a complete list of the ICMP type field values at www.iana.org/assignments/icmp-parameters. It may be worth noting that many of the types listed may also support codes. A code is simply an additional data parameter offering more detail about the function or purpose of the ICMP message payload. One example of an event that would cause an ICMP response is when an attempt is made to connect to a UDP service port when that service and port are not actually in use on the target server; this would cause an ICMP Type 3 response back to the origin. Since UDP does not have a means to send back errors, the protocol stack switches to ICMP for that purpose.
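As an added example (not code from the book), the decoder below ties together the two preceding passages: it reads the IP header protocol field (1 for ICMP), the ICMP type and code fields (including the Type 3, code 3 "port unreachable" response a closed UDP port elicits), verifies the ICMP checksum, and flags a fragment that would reassemble beyond the 65,535-byte IPv4 maximum, which is the signature of the oversized ping described earlier. The packets it parses are constructed inline with the helper functions; the type and code name tables are a small subset of the IANA registry, and the 10.0.0.x addresses are placeholders.

```python
import struct

ICMP_PROTOCOL = 1          # IP header protocol field value for ICMP (0x01)
MAX_IPV4_DATAGRAM = 65535  # maximum IPv4 packet size in bytes

# Subset of the IANA ICMP type registry (www.iana.org/assignments/icmp-parameters).
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded"}
DEST_UNREACH_CODES = {0: "Net Unreachable", 1: "Host Unreachable",
                      2: "Protocol Unreachable", 3: "Port Unreachable"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Constructed ICMP message: type, code, checksum, 4-byte rest-of-header, payload."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_ipv4(payload: bytes, protocol: int, flags_frag: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (no options) in front of payload; placeholder 10.0.0.x addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                      64, protocol, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_packet(pkt: bytes) -> dict:
    """Decode the IPv4 header and, for an unfragmented ICMP datagram, the ICMP type/code/checksum."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_length, _ident, flags_frag, _ttl, proto, _hcs, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    frag_offset = (flags_frag & 0x1FFF) * 8     # low 13 bits, in 8-byte units
    result = {
        "protocol": proto,
        "is_icmp": proto == ICMP_PROTOCOL,
        "fragment_offset": frag_offset,
        "more_fragments": bool(flags_frag & 0x2000),
        # A fragment whose offset plus data length exceeds 65,535 cannot belong to
        # a legal datagram; reassembling it is the classic ping-of-death failure.
        "oversized": frag_offset + (total_length - ihl) > MAX_IPV4_DATAGRAM,
    }
    if proto != ICMP_PROTOCOL or frag_offset != 0:
        return result                           # ICMP header only lives in the first fragment
    icmp = pkt[ihl:]
    if len(icmp) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum = struct.unpack("!BBH", icmp[:4])
    result.update(type=icmp_type, type_name=ICMP_TYPES.get(icmp_type, "Other"),
                  code=code, checksum_ok=inet_checksum(icmp) == 0)
    if icmp_type == 3:
        result["code_name"] = DEST_UNREACH_CODES.get(code, "Other")
    return result


# Constructed sample packets.
ECHO_REQUEST = build_ipv4(build_icmp(8, 0, struct.pack("!HH", 1, 1), b"abcdefgh"), ICMP_PROTOCOL)
PORT_UNREACHABLE = build_ipv4(build_icmp(3, 3, payload=b"\x00" * 28), ICMP_PROTOCOL)
UDP_PACKET = build_ipv4(b"\x00" * 8, 17)
# Last fragment at offset 8184*8 = 65472 carrying 100 bytes: would end at 65572 bytes.
POD_FRAGMENT = build_ipv4(b"\x00" * 100, ICMP_PROTOCOL, flags_frag=0x1FF8)
TAMPERED = bytearray(ECHO_REQUEST)
TAMPERED[-1] ^= 0xFF                           # one flipped payload byte breaks the checksum
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    for name, pkt in [("echo", ECHO_REQUEST), ("port-unreach", PORT_UNREACHABLE),
                      ("udp", UDP_PACKET), ("pod-fragment", POD_FRAGMENT), ("tampered", TAMPERED)]:
        print(name, parse_packet(pkt))
```

Note that the decoder deliberately looks at the ICMP header only when the fragment offset is zero; a filter that inspects later fragments as if they carried a type field will misclassify them, and a filter that ignores fragment offsets altogether cannot see the oversized-reassembly condition at all.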
Table 11.5 Common ICMP type field values