Understanding IP Addresses and DNS

Author: Michael BestMan

Posted: June 24, 2025 • 4 min Read

In an earlier blog post, we deconstructed the invisible choreography behind typing a web address into your browser. Today, we’re pulling the curtain back even further to explore two of the most fundamental building blocks of the internet: IP addresses and the Domain Name System (DNS). Why do these matter for cybersecurity? Every breach, every attack surface, and every exploit starts with a connection, and connections begin with IP and DNS. Securing the digital perimeter starts by mastering its infrastructure.

IP Addresses - The Internet's Addressing Protocol

Imagine trying to deliver a package without a physical address. That's what communication would look like online without IP addresses. Every device, from smartphones and laptops to servers and IoT devices, requires an IP address to send, receive, or forward data across a network.

Two Primary IP Address Types:

  • Private IP: Used within internal networks (e.g., your home Wi-Fi or office LAN). → Example: 192.168.1.1, 10.0.0.1
  • Public IP: Assigned by your Internet Service Provider (ISP) for external communication across the internet. → Example: 197.210.45.90

Classful IP Addressing: A Historical Overview

Before CIDR became the norm, IP addresses were organised into classes to allocate them by network size.

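| Class | Network ID Bits | Typical Range | Example IP | Use Case |
|-------|-----------------|---------------|------------|----------|
| A | 8 | 1.0.0.0 - 126.255.255.255 | 10.0.0.1 | Large corporations |
| B | 16 | 128.0.0.0 - 191.255.255.255 | 172.16.0.1 | Mid-sized orgs |
| C | 24 | 192.0.0.0 - 223.255.255.255 | 192.168.1.1 | Homes & SMBs |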

Class A is used for large networks. It has the following structure:

  • The first octet ranges from 0 to 127 in decimal
  • The first octet in binary is 0xxxxxxx
  • The IP range is 0.0.0.0-127.255.255.255
  • The subnet mask is 255.0.0.0
  • The network ID is 8 bits long
  • The host ID is 24 bits long.

Class B is used for medium-sized networks. Structure:

  • The first octet ranges from 128 to 191 in decimal
  • The first octet in binary is 10xxxxxx
  • IP range is 128.0.0.0-191.255.255.255
  • Subnet mask is 255.255.0.0
  • Network ID is 16 bits long
  • Host ID is 16 bits long

Class C is used for smaller networks. Structure:

  • The first octet ranges from 192 to 223 in decimal
  • The first octet in binary is 110xxxxx
  • IP range is 192.0.0.0-223.255.255.255
  • Subnet mask is 255.255.255.0
  • Network ID is 24 bits long
  • Host ID is 8 bits

However, Class D (first octet: 224-239) and Class E (first octet: 240-255) are the only classes without bits allocated to network and host IDs. Class D, for instance, is used for many-to-many communication rather than for addressing an individual host, while Class E is reserved for experimental and research use.

The class-based model was inefficient, often leading to IP wastage.

CIDR to the Rescue: Classless Inter-Domain Routing (CIDR) replaced classful addressing. CIDR allows flexible allocation, e.g., 192.168.1.0/24, enabling better IP space optimisation and route summarisation, which is a critical function for ISPs and Border Gateway Protocol routing.

IPv4 and Binary Representation: IPv4 addresses consist of 32 bits, split into four 8-bit segments known as octets. A typical IPv4 address like 192.168.0.1 looks simple, but is binary magic under the hood. Taking 192.168.47.3 as an example:

  • 192 = 11000000
  • 168 = 10101000
  • 47 = 00101111
  • 3 = 00000011
  • 192.168.47.3 = 11000000.10101000.00101111.00000011

With a 255.255.255.0 (/24) subnet mask, the first three octets define the network address and the last identifies the host.
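
The classful rules, the CIDR sizing argument and the binary notation described above can be checked together in a short Python script. This is an added example, not code from the original post; the 300-host requirement and the four 192.168.x.0/24 blocks are constructed inputs.

```python
import ipaddress

# Leading bits of the first octet -> (class, default prefix length), per the lists above.
CLASS_RULES = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24),
               ("1110", "D", None), ("1111", "E", None)]

def to_binary(addr):
    """Dotted-binary form of an IPv4 address, one 8-bit group per octet."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))

def classful(addr):
    """Return (class letter, default prefix or None) from the leading bits."""
    first_octet = to_binary(addr)[:8]
    for bits, letter, prefix in CLASS_RULES:
        if first_octet.startswith(bits):
            return letter, prefix

def smallest_classful(hosts):
    """Smallest class A/B/C network with at least `hosts` usable addresses."""
    for letter, prefix in (("C", 24), ("B", 16), ("A", 8)):
        usable = 2 ** (32 - prefix) - 2  # minus network and broadcast addresses
        if usable >= hosts:
            return letter, prefix, usable
    raise ValueError("no classful network is large enough")

def smallest_cidr(hosts):
    """Longest CIDR prefix (smallest block) with at least `hosts` usable addresses."""
    for prefix in range(30, -1, -1):
        usable = 2 ** (32 - prefix) - 2
        if usable >= hosts:
            return prefix, usable
    raise ValueError("more hosts than the IPv4 space holds")

def summarise(cidrs):
    """Route summarisation: merge adjacent blocks into the fewest covering prefixes."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print(to_binary("192.168.47.3"), classful("192.168.47.3"))
    print("300 hosts, classful:", smallest_classful(300))  # constructed requirement
    print("300 hosts, CIDR:    ", smallest_cidr(300))
    # Constructed blocks: four contiguous /24s advertised as a single route.
    print(summarise([f"192.168.{i}.0/24" for i in range(4)]))
```

For 300 hosts, the classful model has to hand out a Class B with 65,534 usable addresses, while CIDR fits the same requirement into a /23 with 510.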

Bits vs Bytes

  • Bit: Smallest unit of data (0 or 1)
  • Byte: 8 bits = 1 character
  • 1 IPv4 address = 4 bytes = 32 bits

The limited IPv4 space (~4.3 billion addresses) is insufficient for our hyperconnected world. Enter IPv6.

IPv6 - The Future of IP Addressing

IPv6 expands the address space from 32 bits to 128 bits, allowing approximately 340 undecillion addresses (yes, that's 340 followed by 36 zeros). This solves address exhaustion while introducing protocol improvements.

Example:

2001:0db8:85a3:0000:0000:8a2e:0370:7334 → compressed: 2001:db8:85a3::8a2e:370:7334

Why IPv6 Matters:

  • Supports IoT and smart infrastructure
  • Built-in security with IPsec
  • Streamlined headers for faster routing

Many modern attacks and threat campaigns exploit misconfigured IPv6 settings or overlooked dual-stack networks, highlighting the importance of securing both IPv4 and IPv6 endpoints.

DNS - The Internet's Navigation Layer

Think of DNS as the Internet's phonebook. It resolves human-readable domain names like reinventsecurity.org into machine-readable IP addresses like 142.250.185.206.

How DNS Resolution Works:

  • You enter www.reinventsecurity.org into your browser.
  • The system checks the local cache.
  • If not cached, it queries a recursive DNS resolver.
  • That resolver consults the authoritative DNS server.
  • The IP address is returned to your browser, which connects to the destination server.

DNS Advantages:

  • Memorability: Names over numbers
  • Resilience: DNS-based load balancing and failover
  • Flexibility: Infrastructure changes without breaking user access

Command-Line Diagnostics

ping: Check network latency.

ping reinventsecurity.org

This returns the time taken for packets to travel to the server and back.

nslookup: Retrieve DNS info.

nslookup reinventsecurity.org

This provides details on DNS servers and domain IPs.

For enterprise blue teams, these commands can be automated into playbooks for proactive infrastructure monitoring.
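
One shape such a playbook check can take, as an added example that is not from the original post: parse captured nslookup output and flag answers that fall outside the IP blocks a name is expected to resolve into. The sample output, the name www.example.org and the EXPECTED baseline are constructed assumptions; real nslookup output varies by platform.

```python
import ipaddress

# Constructed sample of nslookup output (BIND-style layout). The addresses are
# documentation and private ranges, not real records for any domain.
SAMPLE = """\
Server:     192.0.2.53
Address:    192.0.2.53#53

Non-authoritative answer:
Name:   www.example.org
Address: 198.51.100.10
Name:   www.example.org
Address: 203.0.113.77
Name:   www.example.org
Address: 10.0.0.5
"""

# Assumed baseline: the blocks each monitored name is expected to resolve into.
EXPECTED = {"www.example.org": ["198.51.100.0/24"]}
# Private ranges (RFC 1918); a public name should not answer with these.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_answers(output):
    """Yield (name, ip) pairs from the answer section of nslookup output."""
    name = None
    for line in output.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            name = value.strip()
        elif key == "Address" and name:  # skips the resolver's own Address line
            yield name, ipaddress.ip_address(value.strip())

def audit(output, expected=EXPECTED):
    """Return (name, ip, reason) for every answer that breaks the baseline."""
    findings = []
    for name, ip in parse_answers(output):
        allowed = [ipaddress.ip_network(b) for b in expected.get(name, [])]
        if any(ip in net for net in PRIVATE):
            findings.append((name, str(ip), "private address in answer"))
        elif not any(ip in net for net in allowed):
            findings.append((name, str(ip), "outside expected block"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```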

Security Implications of IP and DNS

Misconfigurations or exploits targeting IP and DNS systems can result in:

  • IP Spoofing: Faking the source IP to evade detection
  • DNS Poisoning: Injecting false records to redirect traffic
  • DDoS: Targeting DNS infrastructure (e.g., Dyn attack, 2016)

Real-World Example

In the 2016 Dyn DNS attack, major sites like Twitter and Netflix went offline. The attack weaponised IoT devices with hardcoded credentials, turning them into a massive botnet (Mirai).

Cybersecurity teams must actively monitor DNS traffic, segment network zones using IP blocks, and implement DNSSEC (Domain Name System Security Extensions) to authenticate DNS responses.

IP addresses and DNS are the backbone of every data transaction across the internet. Whether you're a red teamer enumerating targets or a blue teamer hardening infrastructure, these systems must be understood, monitored, and secured with precision.

At Reinvent Security, we believe that deepening your grasp of foundational technologies like IP and DNS is the first step to building resilient, attack-aware systems.
