How to Find Your Broadcast Address

 

Understanding what broadcast addresses are and what they are used for is very important for your network security.  In fact, when you are building your network you need to make an effort to protect your broadcast address so that you can protect your network from being exploited.

How could someone abuse a broadcast address?

First you need to think about what the address is used for.  It is an IP address that, when a packet is sent to it, broadcasts the data to everyone on the network.  Great, sounds like a useful tool for quickly checking what's on your network.  Fire off an ICMP packet and get feedback.

However, it is like a hammer: its purpose is slamming nails into a board, but you can also use the hammer to smash a car window. [5]

Broadcast addresses can be used for recon, or better yet used for a reflection attack.

Hypothetically, think about a network where the broadcast address is not protected in any way.  If I can get every machine on the network to talk to me, then I could also get all those machines to talk to a specific target somewhere else on the internet.  This is the basis of how a reflection DDoS attack works.

Think about the size of some businesses: 10, 20, 100, 500...  If an attacker can get 500+ machines all sending packets to a single target, that would be a headache on the receiving end.

How to Determine the Broadcast Address:

The following instructions are built with the assumption that you, the reader, have a basic understanding of networks.

First let's take a look at your currently assigned IP address:

# ip a


In the image above we have this information

IP = 192.168.10.13

CIDR = 24

Broadcast Address = 192.168.10.255

The brd value above looks like this because our subnet mask is 255.255.255.0, which tells us that the first 3 octets are the network space and the final octet is the host space.

This is pretty straightforward.  But what if the mask octet is not a clean 255 or 0?

Take a look at the image below!


As you can see, the final octet of our mask has a value of 248.  The broadcast address is not going to have a 255 at the end.  We need to figure out the "multiplier".  We take 256 - 248, which gives us a value of 8.

8 is our multiplier.  The final octet of the IP address in the image has a value of 13.  We need to add 8 multiple times until it either reaches the value of 13 or just passes it.  8+8 = 16, and now that we have just passed 13, we subtract 1, and this gives us the value that will be the final octet of our broadcast address.

Remember that the broadcast address is the largest address in a subnet.

Another Example:


In the above example our mask has octet 3 set to 240, with the fourth octet being 0.

We already know that the fourth octet is going to be 255 in our broadcast address.

For the third octet we proceed with the same steps we did in the previous example.

We subtract 240 from 256, giving us 16.  Then we ask ourselves how many times 16 goes into 17.  It fits nicely once, but we need to cross that 17 line, so we add it twice, subtract 1, and we get 31!

Above we can see the finished product.
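
The same calculation as code, as an added example that is not part of the original post: it computes the broadcast address with the general bitwise rule (set every host bit to 1) and with the 256-minus-mask shortcut above, and checks that the two agree. Only the first address comes from the post; the network prefixes of the other samples are constructed. The shortcut is coded so that the running total must strictly pass the IP octet, so an octet of 16 with mask 248 gives 23.

```python
import ipaddress

def broadcast_bitwise(ip: str, mask: str) -> str:
    """General rule: keep the network bits, set every host bit to 1."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    host_bits = int(iface.netmask) ^ 0xFFFFFFFF   # inverted subnet mask
    return str(ipaddress.IPv4Address(int(iface.ip) | host_bits))

def broadcast_multiplier(ip: str, mask: str) -> str:
    """The 256-minus-mask shortcut from the post, applied octet by octet."""
    result = []
    for ip_octet, mask_octet in zip(ip.split("."), mask.split(".")):
        ip_octet, mask_octet = int(ip_octet), int(mask_octet)
        if mask_octet == 255:            # network octet: copied unchanged
            result.append(ip_octet)
        elif mask_octet == 0:            # host octet: always 255
            result.append(255)
        else:
            block = 256 - mask_octet     # the "multiplier"
            total = block
            while total <= ip_octet:     # keep adding until we pass the IP octet
                total += block
            result.append(total - 1)     # one below the next subnet's start
    return ".".join(str(o) for o in result)

# (ip, mask) pairs. Only the first address is taken from the post; the
# network prefixes of the others are constructed for illustration.
SAMPLES = [
    ("192.168.10.13", "255.255.255.0"),
    ("192.168.10.13", "255.255.255.248"),
    ("172.16.17.5", "255.255.240.0"),
    ("192.168.10.16", "255.255.255.248"),  # octet equals a multiple of 8
]

def audit(samples=SAMPLES):
    """Return {ip/mask: broadcast}, failing loudly if the two methods disagree."""
    table = {}
    for ip, mask in samples:
        brd = broadcast_bitwise(ip, mask)
        assert brd == broadcast_multiplier(ip, mask), (ip, mask)
        table[f"{ip}/{mask}"] = brd
    return table

if __name__ == "__main__":
    for subnet, brd in audit().items():
        print(f"{subnet:32} brd {brd}")
```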

I hope you enjoyed this post.  This knowledge will come in useful when exploring your networks and those of your clients.  In an upcoming post I will be discussing how to protect your network from broadcast address abuse.

References:

[1] https://www.youtube.com/watch?v=1pZNjRZLNqI

[2] https://www.computertechreviews.com/definition/broadcast-address/

[3] https://www.wikihow.com/Calculate-Network-and-Broadcast-Address

[4] https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/ip-broadcast-addressing-overview.html

[5] https://blog.apt-secure.ca/2020/06/ethics-and-port-scanning.html

[6] https://remotemonitoringsystems.ca/broadcast.php
