Page 767 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

               Class     Default subnet mask     CIDR equivalent
               A         255.0.0.0               /8
               B         255.255.0.0             /16
               C         255.255.255.0           /24

               Note that the entire Class A network of 127 was set aside for the
               loopback address, although only a single address is actually needed for
               that purpose.

               Another option for subnetting is to use Classless Inter-Domain
               Routing (CIDR) notation. CIDR uses mask bits rather than a full
               dotted-decimal notation subnet mask. Thus, instead of 255.255.0.0, the
               number of mask bits is added to the IP address after a slash, as in
               172.16.1.1/16, for example. One significant benefit of CIDR over
               traditional subnet-masking techniques is the ability to combine
               multiple noncontiguous
               sets of addresses into a single subnet. For example, it is possible to
               combine several Class C subnets into a single larger subnet grouping.
               If CIDR piques your interest, see the CIDR article on Wikipedia or visit
               the IETF’s RFC for CIDR at http://tools.ietf.org/html/rfc4632.
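
               The mask-to-CIDR conversion and the grouping of Class C networks described above, as an added example using Python's standard ipaddress module (not code from the study guide). The function names and the 192.168.x.0 blocks are constructed for illustration.

```python
from __future__ import annotations
import ipaddress

def mask_to_prefix(mask: str) -> int:
    """Convert a dotted-decimal subnet mask to its CIDR mask-bit count."""
    # ipaddress rejects masks whose 1-bits are not contiguous (e.g. 255.0.255.0).
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen

def classful_default(addr: str) -> tuple[str, str, int]:
    """Return (class, default mask, CIDR prefix) for a Class A, B or C address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        cls, prefix = "A", 8
    elif first_octet < 192:
        cls, prefix = "B", 16
    elif first_octet < 224:
        cls, prefix = "C", 24
    else:
        raise ValueError(f"{addr} is not a Class A, B or C address")
    mask = ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask
    return cls, str(mask), prefix

def aggregate(blocks: list[str]) -> list[str]:
    """Merge CIDR blocks into the fewest networks covering exactly the same addresses."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    # The page's example: 172.16.1.1/16 is the same as mask 255.255.0.0.
    iface = ipaddress.ip_interface("172.16.1.1/16")
    print(iface.network, iface.netmask, mask_to_prefix("255.255.0.0"))
    print(classful_default("172.16.1.1"))

    # Four constructed Class C networks collapse into one /22.
    print(aggregate([f"192.168.{i}.0/24" for i in range(4)]))

    # collapse_addresses never widens coverage: two /24s that are not aligned
    # on a common /23 stay separate, so no extra addresses slip into a rule.
    print(aggregate(["192.168.1.0/24", "192.168.2.0/24"]))

    # Every address in 127.0.0.0/8 is loopback, not just 127.0.0.1.
    print(ipaddress.ip_address("127.45.6.7").is_loopback)
```

               When the merged block feeds a firewall rule or ACL, compare it against the original list, since a hand-written supernet that is one bit too short covers addresses that were never intended.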

               ICMP and IGMP are other protocols in the Network layer of the OSI
               model:

               ICMP Internet Control Message Protocol (ICMP) is used to
               determine the health of a network or a specific link. ICMP is utilized
               by ping, traceroute, pathping, and other network management tools.
               The ping utility employs ICMP echo packets and bounces them off
               remote systems. Thus, you can use ping to determine whether the
               remote system is online, whether the remote system is responding
               promptly, whether the intermediary systems are supporting
               communications, and the level of performance efficiency at which the
               intermediary systems are communicating. The ping utility includes a
               redirect function that allows the echo responses to be sent to a
               different destination than the system of origin.

               Unfortunately, the features of ICMP were often exploited in various
               forms of bandwidth-based denial-of-service (DoS) attacks, such
               as ping of death, smurf attacks, and ping floods. This fact has shaped
               how networks handle ICMP traffic today, resulting in many networks