WEBVTT 0 00:02.490 --> 00:05.780 So as we were talking about it 1 00:08.980 --> 00:12.030 the things that we were talking about yesterday was 2 00:15.050 --> 00:20.950 you said the exchange with exchange the main budget exceeds 3 00:24.010 --> 00:25.040 as that again. 4 00:26.390 --> 00:33.310 Let's say I have Bob again Ellis and they want to create a. 5 00:33.850 --> 00:36.920 Now think about it some production environment. 6 00:37.140 --> 00:43.940 Bob I notice that nothing that to doubters throughout is remotely connected to the defense. 7 00:43.960 --> 00:48.500 Eventually they found a way to connect to the internet. 8 00:48.600 --> 00:52.710 Between them is the Internet. 9 00:52.710 --> 00:54.510 They're talking via the Internet. 10 00:54.530 --> 00:59.760 I have a package that they're going to be exchanging I want to be available to everybody all of them 11 01:01.170 --> 01:01.530 to me. 12 01:01.530 --> 01:10.860 James Beard anyone who's there he can sniff those packets when they decide if they decide that whatever 13 01:11.100 --> 01:15.080 their communication is going to take place it should be secure. 14 01:15.470 --> 01:22.610 So the first packet for this to initiate this kind of communication can come from any one of them. 15 01:22.620 --> 01:29.580 It doesn't really necessarily have to be from Bob Dallas or from Alice to Bob although we did see that 16 01:29.580 --> 01:34.740 in certain cases and remote access regions that would be the case. 17 01:35.040 --> 01:39.090 But now anyone can initiate this type of connection. 18 01:39.090 --> 01:41.210 So let's say we'll start with Bob. 19 01:41.670 --> 01:43.980 Let's move this because you need to create those tunnels. 20 01:44.490 --> 01:48.920 So Bob will do you will send out a baguette. 21 01:49.140 --> 01:51.080 Now I know it's an accident packet 22 01:55.210 --> 01:59.930 type is going on UDP 500 UDP port number 500. 23 02:00.350 --> 02:02.810 It's an Ice account packet. 24 02:03.140 --> 02:04.500 So that's how it comes out. 25 02:04.730 --> 02:06.170 And I said come back it comes out. 26 02:06.230 --> 02:12.120 Destination UDP 500 serves service is also UDP 500. 27 02:12.560 --> 02:14.650 What is inside that packet. 28 02:18.490 --> 02:19.580 Policies. 29 02:19.820 --> 02:20.660 Which policies 30 02:24.740 --> 02:32.300 like encryption mesh authentication and 31 02:35.440 --> 02:43.770 what kind of encryption Am I using 3D caching Sha authentication PRICHEP GSK and group maybe two. 32 02:45.370 --> 02:48.190 Basically I am telling Alice this is what I've chosen. 33 02:48.400 --> 02:53.960 You tell me what you have chosen because we need to agree on the same policies. 34 02:54.370 --> 02:56.380 Alice gets this bag that Alice is placing. 35 02:56.410 --> 02:56.760 OK. 36 02:56.800 --> 02:58.960 These are my set of policies that you 37 03:06.420 --> 03:12.650 troubleshooting if our policies are mismatched our policies are mismatched. 38 03:12.700 --> 03:15.700 Miss Packard when we get stopped 39 03:18.460 --> 03:19.510 I go number two. 40 03:20.710 --> 03:25.390 So by that one you'll see in the exchange that the two will not be coming back because it will not be 41 03:25.390 --> 03:32.150 accepting anything so if Exchange is getting stuck in the first and the second budget. 42 03:32.160 --> 03:32.880 What does that mean. 43 03:35.460 --> 03:37.420 That's why I said this is very very important. 44 03:37.460 --> 03:42.450 The exchange because someone shooting the Libyans are right here. 45 03:43.340 --> 03:44.260 It's getting stopped. 46 03:44.280 --> 03:48.370 Can government is not coming up and there has to be a place where it gets stuck. 47 03:49.460 --> 03:56.690 Either the first to back is the third fourth fifth or sixth year to debug commands which shows you which 48 03:56.690 --> 03:58.400 state is getting stepped in. 49 03:58.790 --> 04:07.570 If you know exactly what happens in that state you're not sure that this policy mismatch would be one 50 04:07.570 --> 04:09.790 end to what happens in Baghdad no city 51 04:16.730 --> 04:18.080 the number three is what 52 04:23.100 --> 04:28.120 bridge public and 53 04:31.330 --> 04:32.510 notes. 54 04:32.830 --> 04:34.880 There's still some other stuff that. 55 04:34.970 --> 04:36.090 And something like that. 56 04:36.270 --> 04:38.000 We'll keep on adding it when we said. 57 04:38.010 --> 04:40.120 But these are the important ones is this. 58 04:40.220 --> 04:45.610 You should not do it and knows this to be it. 59 04:45.620 --> 04:51.580 Publicly they publicly press the mixture of my private and the public. 60 04:52.230 --> 04:57.980 But the sent word across to the other side. 61 04:58.960 --> 05:09.610 I guess that applies the same set back to its public nonce but this dance is 62 05:13.210 --> 05:21.000 but when I men are left to receive the third bucket it gets what it's team material because it has all 63 05:21.000 --> 05:23.080 that it needs. 64 05:23.160 --> 05:26.580 By the end the third bag analogy gets it by the end of fourth bucket 65 05:30.610 --> 05:33.690 by the end of fourth but then Bob gets it. 66 05:34.050 --> 05:41.740 Remember until now I was a camp is not protected in the first four buckets as the camp is still open 67 05:43.580 --> 05:46.570 late so whatever is going on right now it's open. 68 05:46.810 --> 05:52.030 Anyone can see anyone who's sniffing can see the public dig and see the nonce you can see everything 69 05:52.290 --> 05:57.970 is that one of the sides of the mountains is going to be a good bet but that's fine because it's going 70 05:57.970 --> 05:59.570 to be encrypted using D.H. 71 06:06.310 --> 06:10.100 tough for the not what's. 72 06:10.440 --> 06:13.410 Yeah David I've never comes. 73 06:13.410 --> 06:21.910 It is coming but it's coming as a mixed set of something so it never seems like you building that. 74 06:23.370 --> 06:31.690 The random named entity number would have more than numbers and so than I think it is I'll tell you 75 06:31.730 --> 06:32.320 this. 76 06:35.660 --> 06:39.740 The setting of the public eye is unique. 77 06:39.780 --> 06:42.170 That is you mean the one which they have received. 78 06:43.060 --> 06:45.130 Yeah they're always unique. 79 06:48.830 --> 06:49.650 Scooping that bag. 80 06:49.670 --> 06:55.960 Yeah but public I days you have to buy from a service provider a service where it can never give to 81 06:56.090 --> 06:57.190 people the same public. 82 06:57.700 --> 06:58.370 It's in these like 83 07:01.260 --> 07:06.720 any question that dilemma. 84 07:08.290 --> 07:15.070 Listen to this packet see when you configure the float but you can take it on with certain policies 85 07:15.070 --> 07:17.160 you'll use this you use the civilians you know. 86 07:17.170 --> 07:17.490 Does 87 07:20.300 --> 07:22.390 that make 88 07:28.260 --> 07:30.680 you want to sniff you're talking about the sniffing. 89 07:30.880 --> 07:32.930 The service provider could do it. 90 07:32.950 --> 07:34.180 Traffic is going through them. 91 07:34.570 --> 07:37.040 He would just randomly do that. 92 07:37.190 --> 07:44.310 Which can be done so service respirator safe and plus the service providers. 93 07:44.320 --> 07:44.840 No. 94 07:44.960 --> 07:49.010 It goes from one service provider to another service provider to another service provider. 95 07:49.020 --> 07:53.760 There is a possibility internally someday provided by sniffing. 96 07:53.800 --> 07:55.000 My daughter was right. 97 07:55.030 --> 07:59.410 But someday who knew that an athlete is going through that but it isn't a big part of what could happen 98 07:59.410 --> 08:01.620 is when you're sitting at night. 99 08:01.690 --> 08:06.220 Even in your insight network when you're sitting your fact finding out that you're inside your head. 100 08:06.240 --> 08:11.770 So when you send your packet outside there's a man in the middle that back in your company someone is 101 08:11.770 --> 08:14.290 in your company along the way that is running out. 102 08:14.490 --> 08:15.600 We'll see that too. 103 08:16.060 --> 08:17.850 Why would you make it better. 104 08:18.040 --> 08:25.140 Once I know on the republic where they will be privately so it will go to that first nature of Babylon 105 08:25.150 --> 08:26.620 to a possibility. 106 08:27.100 --> 08:32.860 We can do that too but again man in the middle that that can happen in that case whenever that happens. 107 08:32.880 --> 08:39.160 The one thing is even if man in the manner of man in the middle that happens in this case doesn't get 108 08:39.160 --> 08:45.310 much information he gets the public key he gets the independence he gets the policies that they're using 109 08:45.340 --> 08:48.550 but these policies are for which dumb. 110 08:49.060 --> 08:55.450 The first time these policies when I talk about the first tunnel is that for the first time nothing 111 08:55.450 --> 08:57.980 really changes it's not really a big deal. 112 08:58.070 --> 09:00.790 The encryption only happens only of 7. 113 09:00.790 --> 09:02.320 The rest of the tunnel remains the same. 114 09:02.380 --> 09:08.030 Let's say this address public addresses one that one not one that one and Alice's is do that do that 115 09:08.030 --> 09:11.830 to go to bed number is 500 to pay for it. 116 09:13.690 --> 09:19.710 Isaac was Isaac up before in the first row. 117 09:19.740 --> 09:23.710 I guess it was at The Gap in Baghdad 5th and 6th. 118 09:23.830 --> 09:24.650 It gets into the 119 09:31.100 --> 09:37.020 starting back at 5 onwards and which gives you an encryption. 120 09:37.070 --> 09:43.130 This is a session okay. 121 09:43.200 --> 09:47.290 This is where the confusion lies and I don't know why. 122 09:47.490 --> 09:55.620 This is really simple if you really look at it one way every kind of encryption every kind of hashing 123 09:55.620 --> 09:56.670 will be done using 124 09:59.760 --> 10:03.630 this Blackie called the sessions. 125 10:03.630 --> 10:08.730 How do you get this lucky birds exchange. 126 10:08.980 --> 10:15.630 I'm dating from now on every kind of encryption will be done automatically when will be done based on 127 10:15.900 --> 10:17.520 this. 128 10:17.640 --> 10:19.690 That's one other thing that I want to make clear. 129 10:20.010 --> 10:25.420 What are the ingredients you need for studying the ingredients that you need for the time. 130 10:25.650 --> 10:27.340 Is encryption mechanic. 131 10:27.360 --> 10:29.370 What kind of encryption are we going to use. 132 10:29.430 --> 10:31.590 What kind of hashing are we going to use. 133 10:31.590 --> 10:32.440 And the key. 134 10:33.030 --> 10:34.400 If you have these two things were done 135 10:37.490 --> 10:38.950 by random. 136 10:38.950 --> 10:40.840 What kind of I use it as a yes. 137 10:40.900 --> 10:44.950 One of the choices that I'm using an independent chair one of the choices. 138 10:44.950 --> 10:47.080 Once those choices are set you need the key. 139 10:47.080 --> 10:48.590 Once you have these two things you're done. 140 10:49.930 --> 10:51.570 That's what we have right now. 141 10:51.580 --> 10:53.490 Does he have the set up policy that he's using. 142 10:53.500 --> 10:53.810 Yes. 143 10:53.830 --> 10:57.900 In the first exchange that's what he does then negotiate. 144 10:58.480 --> 11:01.630 Let's say you're using 3D and shot. 145 11:02.050 --> 11:03.410 He doesn't show 146 11:07.030 --> 11:08.380 using this thing doesn't show. 147 11:08.400 --> 11:09.660 And the key. 148 11:10.060 --> 11:11.410 Now not all of the. 149 11:11.440 --> 11:14.130 He will take out a small portion for advice. 150 11:16.990 --> 11:21.070 Yes take out the keyboard just compatible with this one. 151 11:21.600 --> 11:26.440 Listen to this case is that you created it. 152 11:26.520 --> 11:31.090 Depending upon your group size is one day. 153 11:31.410 --> 11:32.060 Yes. 154 11:32.220 --> 11:34.510 To those is how much and 168 bits. 155 11:35.750 --> 11:41.540 So it takes those 168 to get to them. 156 11:41.550 --> 11:45.130 It's not random because both of the sides have to do it safely. 157 11:47.020 --> 11:47.670 Removes it. 158 11:47.750 --> 11:48.240 Yes. 159 11:48.390 --> 11:52.820 Yes that's one and I'll tell you that timings of how long those. 160 11:53.190 --> 11:54.280 But that's how he gets it. 161 11:55.530 --> 11:59.040 So that's my attempt 160 bits from the other side does the same. 162 11:59.040 --> 12:00.870 And then he uses it now for this. 163 12:01.000 --> 12:06.300 And which part does this interrupt the second part not the data. 164 12:08.680 --> 12:10.730 I'm right now I'm still on the 5th but at 165 12:13.770 --> 12:17.550 the same corruption that I've seen here. 166 12:17.880 --> 12:21.500 These do only apply to the Aztec empire. 167 12:22.140 --> 12:22.440 Why. 168 12:22.440 --> 12:28.450 Because this is done so that I can protect the actual exceeds the Good morning. 169 12:29.000 --> 12:30.990 After this everything is going to be protected. 170 12:31.320 --> 12:33.420 What am I going to send in the first budget. 171 12:35.470 --> 12:37.230 Whiskey. 172 12:37.560 --> 12:41.520 What is it used for early. 173 12:41.580 --> 12:45.850 I tend to get estimates that Alice is up into about published in Dallas. 174 12:45.870 --> 12:48.550 I send him my bill escape. 175 12:48.660 --> 12:50.570 He will send me this 176 12:53.920 --> 12:55.200 one. 177 12:55.370 --> 12:56.210 No this is not. 178 12:56.270 --> 12:56.790 No. 179 12:56.930 --> 12:58.210 No I'm have not. 180 12:58.260 --> 12:59.920 I'm not gone dry says. 181 13:00.610 --> 13:02.120 There is still normal. 182 13:02.160 --> 13:02.670 He escaped. 183 13:02.770 --> 13:03.880 He said if you 184 13:08.380 --> 13:12.790 that is the next then the next back in May. 185 13:12.950 --> 13:19.780 No no we have not back down this still the first four packets was to negotiate this first tunnel. 186 13:19.780 --> 13:28.880 When I say I'm talking about encryption Mr. Gibson and hashing off Isaac led the lethal exchanges that 187 13:28.880 --> 13:31.720 take place are protected. 188 13:32.710 --> 13:33.980 The actual exchange of key 189 13:38.200 --> 13:46.610 you don't realize that this is an option and chatter site will be repeated. 190 13:46.660 --> 13:49.750 It's just invigorating. 191 13:50.110 --> 13:53.780 The other side that he could have said I've checked the utility again. 192 13:54.250 --> 13:56.130 Yeah. 193 13:59.370 --> 13:59.550 Yeah 194 14:02.630 --> 14:17.460 I've seen this bikers from the middle of the year from the middle of December after 20 minutes. 195 14:17.500 --> 14:18.890 That depends. 196 14:19.110 --> 14:22.140 See when this aggregate sense takes place online. 197 14:22.160 --> 14:25.300 Instead it seems once I was all alone. 198 14:25.310 --> 14:31.000 But that said it seems he's not expecting anything you're not expecting anything as long as that session 199 14:31.000 --> 14:36.140 is not broken down as long as it's not broken down the other side will not accept it. 200 14:36.620 --> 14:41.920 Instead as he is as long as you don't break it you're sending more packets will you get it. 201 14:41.920 --> 14:45.070 But he's not going to do much with it. 202 14:45.310 --> 14:47.330 They're not NBA player that's available. 203 14:47.340 --> 14:50.770 No I won't say no but there is a little different. 204 14:51.680 --> 14:56.170 Said here that he sends out the open sessions some is based on SBA numbers. 205 14:56.170 --> 14:57.860 I'll explain when we get there. 206 14:58.150 --> 14:59.880 That happens in a sec. 207 14:59.960 --> 15:03.460 He doesn't get out open it so he sends out sends it again and again and again. 208 15:03.840 --> 15:12.650 So that the sessions on the other side are open late so maybe you understand this five and six five 209 15:12.670 --> 15:20.100 and six is nothing but you asking if this was big guy in 5 and 6 I would have said to my certificate 210 15:20.800 --> 15:23.190 not the key certificate. 211 15:23.390 --> 15:31.300 Just make sure you understand that this has nothing to do with encryption or authentication same so 212 15:32.700 --> 15:35.880 same key on both ends. 213 15:36.270 --> 15:40.510 Let them know these six -- are known as what 214 15:44.860 --> 15:47.950 turns 16 since it was running since 215 15:50.950 --> 15:55.370 OK so he does not remember what were you using today as a country. 216 15:55.370 --> 15:55.800 That's right. 217 15:55.870 --> 16:01.580 He doesn't show in the 7th but it starts with a quick more cold is the quick more 218 16:05.560 --> 16:07.690 the seventh packet. 219 16:07.810 --> 16:14.200 I'm going to be sending what the actual the actually actually. 220 16:14.290 --> 16:17.580 This is just the control that the actual data. 221 16:17.650 --> 16:23.440 The policies that I'm going to be using for the data you have a valid security association. 222 16:23.440 --> 16:24.900 We also call it transforms. 223 16:29.780 --> 16:33.440 This negotiation is protected protected by whom. 224 16:36.000 --> 16:41.510 By the first time when I say 10 I mean three days in a shop. 225 16:41.580 --> 16:42.840 This part is protected right. 226 16:43.350 --> 16:46.090 All this information is inside of this part inside. 227 16:46.100 --> 16:50.250 This is the selling package. 228 16:50.300 --> 16:57.120 The policies that you are exchanging which is that say essay I'll call it a security association policies 229 16:57.510 --> 17:02.350 which would be let's say yes and then design. 230 17:03.450 --> 17:11.850 I send it from here to the other site where the site replace with his set of policies. 231 17:16.200 --> 17:25.650 And you get both of you by the end of this meeting after I get 5 onwards everything is perfect. 232 17:26.360 --> 17:29.410 He sends out his set of policies back to me. 233 17:30.810 --> 17:35.820 When I see this set the policies I agree on if I need to let the other guy know that I've agreed on 234 17:36.120 --> 17:36.610 everything. 235 17:37.110 --> 17:41.260 So in the end I just send in kind of an acknowledgement to the epicenter. 236 17:41.580 --> 17:44.790 Basically telling him that the policies I managed on my own also. 237 17:44.790 --> 17:46.440 Everything is fine for my sake. 238 17:46.450 --> 17:49.950 Here is an acknowledgement that he receives acknowledgement. 239 17:49.950 --> 17:50.510 He sees that. 240 17:50.520 --> 17:51.770 Yes that's how it is okay. 241 17:51.780 --> 17:58.930 I'm okay with it but time is up Mr. is up not just in the actual 242 18:01.640 --> 18:02.480 rapture. 243 18:08.260 --> 18:09.440 You understand this. 244 18:09.730 --> 18:11.240 Yes and in detail right. 245 18:11.270 --> 18:12.140 Until now. 246 18:12.730 --> 18:13.480 Until now. 247 18:13.960 --> 18:21.730 This Saturday nineteen ninety nine. 248 18:23.050 --> 18:24.280 Now Lester quick. 249 18:24.310 --> 18:33.420 Somebody is a is things last is getting stopped in number 4 and 5 7 5 and 6 can be the cause 250 18:37.100 --> 18:40.510 it's so easy to miss much. 251 18:41.550 --> 18:45.780 So if you're stuck in 2006 he knows that if you're stuck in seven and eight 252 18:48.540 --> 18:50.160 fantasy mismatch with the second. 253 18:50.450 --> 19:01.620 So we've configured wrong policies for the second time to four year and every element. 254 19:02.120 --> 19:08.660 But do you have control over that the element is an automated process that will never get sucked into. 255 19:09.670 --> 19:13.640 So that either gets stuck and and do ordered gets stuck in five and six. 256 19:13.870 --> 19:17.720 We never get stuck in that business. 257 19:17.780 --> 19:20.730 That is the first budget fallacy right. 258 19:20.810 --> 19:29.910 Negotiation of the policies when they negotiate and using the loopholes using the five not at the same 259 19:30.130 --> 19:33.810 point as no information up to me to do so. 260 19:34.130 --> 19:37.040 These were public public nonsense. 261 19:37.060 --> 19:45.460 You don't say that so dramatically that I was 7 and 8 that 9 8 would not get stuck if it bears repeating 262 19:45.460 --> 19:53.060 the lower prices again to make sure that everything is OK. 263 19:54.470 --> 19:56.310 Negotiating timing. 264 19:56.320 --> 19:58.910 But that is not contemplation. 265 19:58.990 --> 20:00.000 These are comparisons. 266 20:00.460 --> 20:08.090 If you miss any one of these not you have to configure each of each and every step you take. 267 20:08.110 --> 20:11.830 The question is all right this is OK. 268 20:14.850 --> 20:16.650 I made the deal as it is. 269 20:16.650 --> 20:19.270 I chose three days shop on both ends. 270 20:19.480 --> 20:27.000 Now the actual data that is going to flow through the actual data that is going to flow through is going 271 20:27.000 --> 20:27.900 to flow like this 272 20:33.550 --> 20:36.040 that's a public network that they're connected to. 273 20:36.040 --> 20:43.550 This is connected to 150 one dog credit without zero slash 24 and there's going to be 150 one dot going 274 20:43.550 --> 20:45.370 into the dark zero slash 24. 275 20:46.550 --> 20:49.960 This is not one but two. 276 20:50.640 --> 20:57.290 These two guys in public 150 so when they're communicating 277 21:01.060 --> 21:10.030 well that one is above and below they're communicating on UDP 500 to 500 right after that. 278 21:10.030 --> 21:14.570 Once that's done this fine which said the second tunnel 279 21:17.600 --> 21:20.410 though what is the actual second of the day that the 280 21:25.100 --> 21:31.140 plan to land in the ones is the one true to the negotiating table he negotiated about the second validate 281 21:31.410 --> 21:33.890 what are the policies that I'm using on the second term. 282 21:35.950 --> 21:38.040 Yes and then NDA 283 21:45.850 --> 21:53.630 you have a policy that I'm using on the second time they were choosing the policies for the second panel. 284 21:53.630 --> 21:55.590 You also have to choose the 285 21:59.070 --> 22:02.000 they are choosing the policies he has up to the head. 286 22:02.020 --> 22:04.470 There are already two types of headers available to you. 287 22:04.480 --> 22:07.900 One was ESB. 288 22:08.020 --> 22:10.460 The other is storage. 289 22:13.410 --> 22:15.700 One is ESB whether it is. 290 22:15.710 --> 22:27.080 Which one are these you thought it is or it only supports authentication setting integrity. 291 22:27.900 --> 22:36.150 Well is only supports integrity so it only supports and B5 and QA it cannot do any encryption. 292 22:36.490 --> 22:45.640 So if you're using your then yes you can use it if you want to but your actual data will be better but 293 22:46.630 --> 22:51.650 it will be incorrect and sadly integrated which I showed you yesterday how it's done. 294 22:51.750 --> 23:00.370 Remember no one can Bamford the data decide that is done but there will be no encryption everything 295 23:00.370 --> 23:04.600 will be open cleared text you don't want that. 296 23:04.810 --> 23:08.890 I mean earlier we used to work but now you don't work with that. 297 23:08.890 --> 23:11.260 Most of the times the header that you'll be using will be what 298 23:16.330 --> 23:17.310 the ISP defines. 299 23:17.320 --> 23:25.390 If you're using ESB behind that you're going to that second column either you swear it in without the 300 23:25.430 --> 23:31.100 tool if you see any one of those two yet that means your traffic is going to air through the 301 23:34.660 --> 23:40.170 Wellington public here to public yet and eventually through the town of ESB. 302 23:41.750 --> 23:43.550 And what is ESB eventually going to do. 303 23:43.550 --> 23:50.970 It is going to encrypt the data authenticate the data cache that it now. 304 23:51.080 --> 23:53.990 If it's doing that tell me which he doesn't use 305 24:01.710 --> 24:05.870 Where does he get the key from to encrypt. 306 24:05.960 --> 24:08.310 This is phase one. 307 24:08.460 --> 24:12.280 Yes I do remember from that key I used to read as far away. 308 24:12.410 --> 24:19.110 But for the first time I used to read as funny that I need to use what he's saying take out another 309 24:19.110 --> 24:19.730 chunk out of 310 24:23.190 --> 24:31.730 it take a separate centre which is the same with the same that he with 168 bits. 311 24:31.830 --> 24:33.390 This he says is 126 312 24:36.660 --> 24:38.650 so I can only use the same key. 313 24:40.430 --> 24:47.250 So I take a separate chunk from here and a separate gem from here and use that junk to do my William 314 24:47.270 --> 24:50.890 Gibson decryption on the data. 315 24:50.960 --> 24:53.690 Now this encryption will likely at 70. 316 24:53.900 --> 25:07.330 It starts from Layer 3 but right of ESPN we already having its the second in line in their second policy 317 25:08.270 --> 25:18.440 in heavy car so why do we use these three people even when we are not USP is not used for is the ESB 318 25:18.440 --> 25:20.120 is not a s are sharp. 319 25:20.590 --> 25:21.990 Yes it is a protocol. 320 25:22.780 --> 25:24.940 It's a protocol that defines how to do this. 321 25:24.970 --> 25:26.370 E S and how to do this show. 322 25:27.730 --> 25:35.080 So when a backup comes in like ESB as their ESB was they'll give first you will go through a s using 323 25:35.080 --> 25:46.590 the DG Then you will go through some and then you can move forward and you can go out and why it is 324 25:46.610 --> 25:52.610 not used in the first standard because everything was happening only at 7 in the second. 325 25:52.700 --> 25:56.440 I think that by itself was a brutal day. 326 25:56.660 --> 25:57.530 Everything was there. 327 25:57.530 --> 26:00.260 It did not require ahead that required ahead that way. 328 26:00.350 --> 26:08.510 Now on the day that I need to separate my private networks and my public networks private traffic will 329 26:08.510 --> 26:09.860 flow here. 330 26:09.860 --> 26:11.130 This will not just be ahead. 331 26:11.430 --> 26:15.200 This will be IP addresses growing from 10 1 1 1 332 26:19.440 --> 26:22.440 traffic going from private addresses to private interests. 333 26:23.660 --> 26:27.280 Yes we will decide yes we will make sure that no one can see it. 334 26:28.790 --> 26:30.610 Isaac I was like live 7 protection. 335 26:30.620 --> 26:34.120 There was nothing much to hide he was not hiding headers. 336 26:34.330 --> 26:36.290 He was just hiding said extra. 337 26:37.260 --> 26:44.540 What I heard is that you need data which defines how he works how so. 338 26:45.030 --> 26:46.490 So just a protocol. 339 26:46.750 --> 26:52.280 It was just a protocol but it was only doing what integrity would define you go through time. 340 26:52.280 --> 26:54.400 Then you brought that it comes back. 341 26:54.400 --> 26:57.290 He needs to decrypt it using the same. 342 26:57.290 --> 26:59.280 Yes yes speed DSP data. 343 26:59.420 --> 27:07.700 I would give the data first should you digested that just means shot and digest when you authenticate 344 27:08.090 --> 27:11.930 integrity from one end not just from the other end hashing and digest. 345 27:12.140 --> 27:15.500 So you open it up and you see if that just is correct. 346 27:15.530 --> 27:19.100 Would you be glad that you get the actual data back. 347 27:19.250 --> 27:31.940 Like I said Isaac I'm bugs that people would favor that stance stands for whatever it is on top of transport 348 27:31.940 --> 27:34.990 there is less heaven no whatever it is on transport. 349 27:35.310 --> 27:38.530 It's not presentation whatever led is after that is listen. 350 27:38.690 --> 27:45.650 When I when I was transport led has a live seven years it was just like us GDP is now 70 runs on DCP 351 27:45.940 --> 27:51.620 number something might be autonomous something and some means with this. 352 27:52.810 --> 27:59.710 OK. 353 28:00.610 --> 28:12.680 Whether they would like to see it described above make it more simple life for them. 354 28:13.870 --> 28:24.190 If you don't have the same Do you understand how much this means like integrity. 355 28:24.250 --> 28:28.240 How would the integrity go into the food. 356 28:28.410 --> 28:32.190 Yes I didn't see your key is here. 357 28:32.200 --> 28:34.480 I would give a licence. 358 28:34.810 --> 28:39.460 What you have no information is what I can do. 359 28:39.520 --> 28:41.250 I'm right where did that happen. 360 28:41.260 --> 28:44.320 It wasn't just that someone tampered the battery. 361 28:44.580 --> 28:46.700 He babbled one bag and then the departed comes to me. 362 28:47.020 --> 28:49.170 I see that the visor does not match. 363 28:49.250 --> 28:55.150 Really thing that he doesn't drop the fact that it completely doesn't send in a talisman vacuum. 364 28:55.680 --> 29:03.760 So when this I know that the packing has got to be sent I haven't told you will not open it. 365 29:04.050 --> 29:05.170 Yeah we will not. 366 29:05.160 --> 29:06.390 When he see that I just wrong. 367 29:06.400 --> 29:06.790 That's it. 368 29:07.120 --> 29:13.060 He knows that Stamford is dangerous doesn't that it maps the benefactor as long as he doesn't get the 369 29:13.060 --> 29:15.840 badges that he will not accept the facts. 370 29:16.640 --> 29:22.090 But we're not depending upon what kind of connection it was DCP or something that you can if you want 371 29:22.090 --> 29:22.800 to. 372 29:22.910 --> 29:27.420 You can if you want to send any Bill loves the the with that. 373 29:30.910 --> 29:32.700 Sometimes it does happen. 374 29:32.800 --> 29:39.940 Sometimes it does happen that that time you see that when a company is like that. 375 29:39.980 --> 29:41.340 Do you see that. 376 29:41.540 --> 29:42.610 Yeah. 377 29:43.880 --> 29:45.520 Yeah yeah. 378 29:45.890 --> 29:48.210 I wouldn't know what to do about it. 379 29:48.960 --> 29:51.070 It's a good. 380 29:52.190 --> 29:55.910 Yeah. 381 29:56.300 --> 29:57.870 Yes. 382 29:58.360 --> 30:00.930 MMN did many cases. 383 30:01.310 --> 30:05.420 I know I'll tell you those tunes and they don't do that at debugging stage. 384 30:05.420 --> 30:07.110 They can get stuck here. 385 30:07.160 --> 30:09.740 You should know why you're stuck in your separation. 386 30:09.770 --> 30:15.470 But before that you should be comfortable with the states for the exchange when they say sex space once 387 30:15.470 --> 30:17.260 you know what the exchange takes place there. 388 30:17.630 --> 30:21.380 When I show you the states you should be able to look at the state and say OK this state is because 389 30:21.380 --> 30:24.440 of the state is because of this. 390 30:25.570 --> 30:27.850 Now do you see this. 391 30:28.250 --> 30:30.250 My question which I wondered last you. 392 30:30.260 --> 30:34.350 Is that okay. 393 30:34.520 --> 30:37.910 I'm going to use a separate yes not the one which I used before. 394 30:37.910 --> 30:39.650 Earlier I used yes. 395 30:39.800 --> 30:40.670 How did I get that. 396 30:40.680 --> 30:45.670 Yes I took it from the junk but the yes and data encryption far less have it. 397 30:45.890 --> 30:50.390 Now I'm begin by a as an empty face and the actual data that is going to flow through. 398 30:50.390 --> 30:56.720 Now from this time there's going to be a good data using the Yes and in debate the other side is going 399 30:56.720 --> 31:01.090 to declare that using asset and B5 and he's finally get the data. 400 31:03.540 --> 31:04.670 Okay. 401 31:05.050 --> 31:06.880 The question is okay. 402 31:07.150 --> 31:11.530 You might ask me the question then using -- I went through and through. 403 31:11.530 --> 31:18.170 If I'm going to do the data remember the objective the challenge that we faced yesterday which I've 404 31:18.190 --> 31:24.730 talked about the challenges that the guy should not receive a lot of data that challenge we still have 405 31:24.730 --> 31:25.300 not solved. 406 31:26.860 --> 31:37.870 If someone is sitting here that is if someone is sitting right here and is dipping on the data he can 407 31:37.870 --> 31:43.330 get jeebies worth of data in the job is worth of data right. 408 31:43.730 --> 31:47.960 You get that keep it with him and then try to grab the key. 409 31:47.980 --> 31:53.030 The more the data that he has the more the chances of him tracking the team. 410 31:53.290 --> 31:54.730 How do you prevent yourself. 411 31:54.730 --> 31:58.440 You don't IP set by itself has a mechanism nothing. 412 31:58.580 --> 32:05.460 The interesting thing about this remember this yes the small creature. 413 32:05.560 --> 32:12.350 Where do you think the lifetime of this a sentence. 414 32:13.270 --> 32:15.250 It's only one out. 415 32:15.850 --> 32:18.730 Thirty six hundred seconds. 416 32:18.730 --> 32:28.050 This junk that your son that is used for the actual date to go through is only what is only thirty six 417 32:28.050 --> 32:28.620 hundred seconds. 418 32:28.630 --> 32:31.880 That is one hour after one hour. 419 32:32.230 --> 32:33.770 Of the sights. 420 32:33.790 --> 32:39.550 I'm not going to get a new key but they're just going to remove the songs and get another chance from 421 32:39.550 --> 32:40.510 this scheme would be. 422 32:46.020 --> 32:52.770 Some are saying they're not going to change the theme with the material is going to remain the same. 423 32:52.890 --> 32:56.250 Are you concentrating on what I'm saying. 424 32:57.980 --> 33:07.900 How is it possible for us to use the tactics after not being able to sniff it can be collected equally 425 33:07.910 --> 33:13.470 when we're trying to do a DoS attack on the different keys. 426 33:14.040 --> 33:21.140 So the more the data that he has the more sample that he has to do stuff compared with this tablet that 427 33:21.140 --> 33:22.030 driving that. 428 33:22.660 --> 33:29.700 But my sense is there is a chance that this if you use a whole computational computational power of 429 33:29.700 --> 33:36.660 the woodwork within a year you might be able to track it within a year 8 months 10 months. 430 33:36.660 --> 33:42.210 That is if you use the whole part of the world you would have gone through this and that's what I'm 431 33:42.210 --> 33:42.750 saying. 432 33:42.780 --> 33:50.790 He will be able to do that but every hour every hour I'm changing my key which says different do different 433 33:50.790 --> 33:51.180 things. 434 33:51.200 --> 33:58.920 Rhett says if he gets the key he comes back after 10 months and sees the key around thirty six thousand 435 33:58.920 --> 34:01.480 times already. 436 34:02.010 --> 34:02.820 So he comes back. 437 34:02.820 --> 34:03.770 There's nothing in there. 438 34:05.310 --> 34:10.370 What if he comes within two hours will be used as we can make. 439 34:10.370 --> 34:11.710 He hasn't really changed. 440 34:11.780 --> 34:16.070 The other thing that I'm protecting against is Mike he is only going to be valid for one hour. 441 34:17.990 --> 34:23.550 So the sample data that he's going to get is not for more than one hour. 442 34:23.970 --> 34:26.270 That is not a lock. 443 34:26.570 --> 34:33.240 There's another thing that you can set values that of the limit of data that is going to say get for 444 34:33.240 --> 34:37.180 jeebies after be over data to the keys. 445 34:39.510 --> 34:41.990 You would have said 36 seconds. 446 34:42.140 --> 34:46.460 The late 80s that these men are basically getting the full material back. 447 34:46.470 --> 34:50.910 They're just taking some different random number out of that team which is made of them do the same 448 34:50.910 --> 34:51.130 thing. 449 34:54.360 --> 34:56.680 Back to them in the data. 450 34:58.110 --> 35:06.740 No see the good thing about Isaac up once Isaac concerns those nine brackets it keeps his hand up. 451 35:06.740 --> 35:10.760 It just tells them what to do with them. 452 35:11.190 --> 35:16.370 I mean that that's the whole point of controlling development data. 453 35:16.760 --> 35:19.890 The whole thing you need is the king either once he gives you the cheap idea. 454 35:20.780 --> 35:23.820 He keeps his hand up and he stays there for 24 hours. 455 35:23.820 --> 35:25.850 This state is known as quick. 456 35:28.760 --> 35:29.810 Say this more. 457 35:29.870 --> 35:30.600 I do. 458 35:30.650 --> 35:33.330 He will said Give me the key to look at. 459 35:33.330 --> 35:34.790 Listen this is your team. 460 35:34.850 --> 35:37.490 Do not disturb me for another 24 hours. 461 35:37.490 --> 35:38.870 I'm going to stay as I am. 462 35:39.020 --> 35:39.940 Here's a key. 463 35:39.950 --> 35:41.980 Keep on changing the key every one hour. 464 35:43.850 --> 35:45.610 You punch the key everyone out. 465 35:45.770 --> 35:47.740 So simply keep sending everyone out. 466 35:47.870 --> 36:01.330 Then Mr Abbott is after 24 hours after 24 hours the world AC company shuts down comes back up again. 467 36:01.360 --> 36:08.380 What will that give you that gives you completely new king what they do with 468 36:11.450 --> 36:19.120 Isaac and comes back some bad days and comes back up again gives you new king material on both ends. 469 36:22.680 --> 36:29.250 Yes wait a second doesn't make much of a difference in 470 36:32.170 --> 36:36.970 this case huh. 471 36:38.300 --> 36:43.170 Maybe you going do this time and somebody you can use the time if you want to 472 36:46.090 --> 36:54.100 for the first time and build that up again giving you a second -- news about the. 473 36:55.260 --> 36:57.390 Yes I'm sorry. 474 36:57.470 --> 36:59.030 I'm sorry. 475 36:59.310 --> 37:00.520 You have a question. 476 37:01.510 --> 37:08.460 When I say when I'm saying they have complete you said of the ad which gives you 24 more hours to do 477 37:08.520 --> 37:11.320 more new piece. 478 37:11.960 --> 37:14.300 Right Anderson it's been thirty six hundred seconds. 479 37:14.340 --> 37:14.450 Uh 480 37:17.510 --> 37:27.470 that is the lifetime baby paid the lifetime of your Isaac family is how much is six thousand four hundred 481 37:27.470 --> 37:28.010 seconds. 482 37:28.500 --> 37:34.880 Yeah Isaac our lifetime is eighty six thousand four hundred seconds. 483 37:35.180 --> 37:41.360 Just 24 hours until 24 hours the first and last days in which more you 484 37:44.330 --> 37:47.660 get more than a little bit more. 485 37:49.280 --> 37:55.400 After that the goes down comes back up again with what I believe and I said repeatedly didn't use it 486 37:55.400 --> 37:56.310 for 24 hours. 487 37:56.310 --> 37:58.300 Now think about the hacker's point of view. 488 37:58.340 --> 38:06.320 He goes and tries to read that though he gets a key after let's say let's say he uses to on the ballot 489 38:06.350 --> 38:10.310 he gets a key in three months comes back up again. 490 38:10.380 --> 38:12.910 This is useless. 491 38:14.300 --> 38:19.790 When I do that even if he guesses the DEA material they can knock three months that will take him years 492 38:19.790 --> 38:24.200 to do even if he does that and he comes back the other day. 493 38:24.470 --> 38:25.610 There's no point of doing it. 494 38:25.640 --> 38:27.760 Maybe one detail has already tense. 495 38:28.970 --> 38:30.640 Absolutely secure. 496 38:32.120 --> 38:37.560 You see the equity that is what exists just a couple of random numbers. 497 38:39.190 --> 38:42.710 So yeah how many different combinations. 498 38:42.710 --> 38:48.890 So once it changes it just you still have 1 0 2 4 bytes but different 1 0 2 4 bytes Monday same before 499 38:49.310 --> 38:55.760 a different one some key even if one one key says that one bit says it's a different key it's a different 500 38:55.810 --> 38:56.160 even 501 38:59.430 --> 39:00.870 they do understand. 502 39:01.560 --> 39:06.300 It's a combination of locks for example the combination of locks. 503 39:06.420 --> 39:07.980 Let's talk about three blocks. 504 39:08.040 --> 39:09.500 There's three blocks. 505 39:09.540 --> 39:13.130 I have something like 0 0. 506 39:13.200 --> 39:15.950 My key is one I know this is too obvious. 507 39:16.050 --> 39:18.360 0 9 9 1 9 9 is my key. 508 39:19.110 --> 39:21.060 Hey look let's have another bit yet. 509 39:21.250 --> 39:29.130 I keep it as 1 1 1 9 9 is my key guy comes today he tries to solve it making is 1 1 9 0 5 different 510 39:29.130 --> 39:38.820 combinations he's 0 0 1 0 0 0 2 0 0 2 Let's say he reaches 1 reaches this point might be 1 he reaches 511 39:38.820 --> 39:46.790 the point the 1 1 0 0 he was close but it is 2 1 1 0. 512 39:46.920 --> 39:54.990 May I come back again the next day 24 hours I'll come back again I change it let's say I'll change it 513 39:55.830 --> 40:04.710 to zero I think only 1 0 1 9 it goes right again he's trying to number 1 1 514 40:08.350 --> 40:14.710 standing he still has to go through all the combinations again never reaches the end it starts so he 515 40:14.710 --> 40:22.280 has to start from the beginning which will take him not one day obviously they can be to do that was 516 40:22.550 --> 40:30.340 just telling you even at one meetings this is a new day it's material by the way and encryption was 517 40:30.340 --> 40:36.350 happening yesterday is that the way the encryption is happening today you said if it was B today you 518 40:36.360 --> 40:44.920 see the key I sensed so good I'd work on the same material if he uses both of them and he plans to find 519 40:44.920 --> 40:50.080 out the key he can get different materials right because it will be yesterday two days he will not be 520 40:50.080 --> 40:52.120 able to find any intelligent data out of 521 41:07.200 --> 41:08.460 relative the size of the black he 522 41:12.040 --> 41:20.110 that is the size of the black one zero before well using for encryption and then in the first six packets 523 41:21.050 --> 41:31.010 you are using it as a charity that's how much is the size of the three let's keep this hesitate as 168. 524 41:32.280 --> 41:34.270 So do you think wonder do what I want to. 525 41:34.320 --> 41:41.430 There is a difference made so that he picks that one data before he takes 160 admits using that 526 41:47.220 --> 41:54.050 everybody read about the exchange very important from every perspective out there. 527 41:54.390 --> 41:55.170 This is a very very 528 41:58.430 --> 42:02.790 damning 24 hours for the first time. 529 42:03.570 --> 42:10.120 The second one is how much 36 seconds for each but that never goes down. 530 42:10.220 --> 42:12.310 The second battle never goes off. 531 42:12.960 --> 42:20.630 This day that it just needs getting more data gets the key in these three things move the key needs 532 42:20.630 --> 42:27.690 which mechanism to use that to have that instant is doing of good. 533 42:28.040 --> 42:31.190 Keep this in mind let's take a break. 534 42:31.190 --> 42:37.170 After that we'll configure our first IP system and see how it works. 535 42:42.010 --> 42:49.160 These are going to be that the policy that I'm going to be working on today and stamp from this B.S. 536 42:49.210 --> 42:56.450 inside to my main job is that my private networks communicate each other to private networks and then 537 42:56.450 --> 42:58.140 I thought I did that too. 538 42:58.590 --> 43:01.500 The objective is on this B.S. easy to do. 539 43:01.650 --> 43:06.900 You should think then I do I do that too and it's that it should reach the other side. 540 43:07.730 --> 43:17.200 The stabbing let's go and configure and take these see Internet 0 0 IP address addresses stand for for 541 43:17.710 --> 43:18.230 say one 542 43:21.390 --> 43:26.760 except that he said about running words for that for that. 543 43:28.610 --> 43:30.390 They're giving this guy an IP address 544 43:34.090 --> 43:38.440 and given a default that works from the same inside one. 545 43:38.490 --> 43:41.920 This you one ever given any thought about same config words. 546 43:42.110 --> 43:44.840 I go ahead and concede that I do 547 43:53.540 --> 43:54.720 twenty dollars. 548 43:54.740 --> 43:59.850 The inside networks that do that do that too. 549 44:00.310 --> 44:03.740 One is the internet so I have a public address on the outside interface. 550 44:03.810 --> 44:05.990 It is 151 let's say 20. 551 44:08.540 --> 44:10.360 Gravity talked about on the set. 552 44:11.430 --> 44:14.880 I don't have a for that pointing towards the internet. 553 44:14.900 --> 44:18.820 One fifty one but let's say that is 20 that day. 554 44:19.400 --> 44:20.660 They say the Internet is that thing. 555 44:20.660 --> 44:23.320 Some of it is happening right now. 556 44:23.320 --> 44:33.130 Then to be one I should be able to go to the inside when they do the same exact thing that I absolute 557 44:37.850 --> 44:39.950 zero one is the one or is putting words inside. 558 44:39.960 --> 44:40.850 P.S. to 559 44:45.900 --> 44:50.920 had the inside one place at the inside of the Internet is 151. 560 44:50.920 --> 45:02.310 That would be god for those that had a default without spending fifty one that forty for deduction. 561 45:02.560 --> 45:08.340 Now again I give IP addresses you might have seen in a lot of my other videos. 562 45:09.060 --> 45:14.330 The way I do it and all the labs is that all my public addresses whenever I am configuring it I'll always 563 45:14.340 --> 45:19.370 type them one by one fifty I wanted to document. 564 45:19.390 --> 45:22.130 Then depending upon where I'm connecting to. 565 45:22.130 --> 45:30.040 If this was for example I the if I had given those names to my address would be 150 but one dark 23 566 45:30.220 --> 45:38.710 that zero slash 24 means I'm connecting to the three I to go out and my host name would be dot to here. 567 45:38.870 --> 45:46.460 That's the number of these two guys 151 not 34 4.0. 568 45:46.960 --> 45:49.700 This end would be 34 that reads them would be 34. 569 45:51.990 --> 45:58.990 I you my ask 34 they could also be 43 34 for DC I choose the lower number 570 46:01.850 --> 46:06.410 23 932 23 943 34. 571 46:06.910 --> 46:12.160 Since this is the internets I've chosen this path to be 40 and 20 and the hostname will be the same. 572 46:12.160 --> 46:19.280 So the horse name here would be that there those name here would be dark for that for that for 573 46:22.990 --> 46:26.130 today that's not too bad for that foot. 574 46:26.370 --> 46:32.830 And here I'm keeping this is the international user I keep the Internet as Dr.. 575 46:33.180 --> 46:35.520 Let's go ahead and finally reconfigure the Internet 576 46:44.110 --> 46:47.830 interface FOMC with zero 151 that 20 back then 577 46:53.510 --> 46:54.230 started at 578 46:57.840 --> 47:00.130 for about nothing is it quiet here. 579 47:00.250 --> 47:01.370 This is the Internet. 580 47:01.410 --> 47:05.670 We'll get a traffic jam 20 forwarded to 44 be forwarded back to. 581 47:06.150 --> 47:09.000 This is the only guy in the military doesn't declared it out. 582 47:09.030 --> 47:13.260 Yes if it was so five find out that they were burned out. 583 47:13.450 --> 47:21.430 Most of the times what I think there's a drunk BGP but our job is to make it as simple as possible because 584 47:21.430 --> 47:22.510 we don't want to do this bad. 585 47:22.510 --> 47:23.830 We want to do the tunnel. 586 47:24.610 --> 47:26.690 The other part as simple as it is. 587 47:26.710 --> 47:27.270 Do that. 588 47:29.070 --> 47:29.660 OK. 589 47:29.880 --> 47:31.180 Now this is done. 590 47:31.320 --> 47:34.240 We went and set up our festival. 591 47:34.300 --> 47:42.000 The first thing that you always said is whether the sites do they have the ability to each other. 592 47:42.340 --> 47:46.380 Can I do reach out for it you will live it cannot be tapped or fairly will not be able to start to his 593 47:46.390 --> 47:46.790 eyesight. 594 47:46.810 --> 47:49.800 That makes sense. 595 47:49.870 --> 47:55.810 The first thing that you do is you work like you and I have to see the other side is up 150 and that 596 47:55.960 --> 47:56.910 would be dog food. 597 47:57.400 --> 47:59.570 Output is at 42 Below 598 48:02.510 --> 48:05.810 it is through the Internet. 599 48:05.870 --> 48:11.660 I boost up in the food I boost up in through the Internet. 600 48:11.680 --> 48:14.270 It is not that difficult you can just do. 601 48:14.440 --> 48:19.280 I think you just connect to the Internet you should be able to reach the line with the other guy has 602 48:19.280 --> 48:23.200 also a line and these lines and you have all these links very connected. 603 48:23.820 --> 48:25.930 Just need to be part of your words your ISP 604 48:29.220 --> 48:34.710 good thing about the communication is that the next thing that I'm going to do is I'm going to make 605 48:34.710 --> 48:41.520 sure I'm going to make sure that the terminal is set up. 606 48:41.520 --> 48:50.310 Now there are five steps for visiting and I said that depending upon the packets configure it like exactly 607 48:50.310 --> 48:51.980 like we can figure it out packets. 608 48:52.050 --> 48:59.660 We saw the packet since the first two packets within the set of policies so we need to configure those 609 48:59.660 --> 49:00.830 set of policy. 610 49:02.920 --> 49:09.750 Let's say this is configuring it on the set of policies. 611 49:09.750 --> 49:12.230 The command is crypto Isaac and policy. 612 49:13.950 --> 49:15.780 Then you give it the number 10. 613 49:16.000 --> 49:17.940 There is no doubt the Aborigines. 614 49:18.300 --> 49:19.210 Initially 615 49:22.980 --> 49:24.030 I said down policy. 616 49:24.060 --> 49:26.860 Then you give it the number. 617 49:26.950 --> 49:28.540 Now this is reality. 618 49:28.560 --> 49:29.580 I'll explain what that is. 619 49:29.580 --> 49:32.520 When we do this is used when you have more than one demonstrator. 620 49:33.510 --> 49:39.810 So you keep begging for 1 for the other 130 for the other night and will be given a higher priority 621 49:40.380 --> 49:44.490 but really doesn't make much of a difference if you have only one number you choose. 622 49:44.490 --> 49:45.800 It doesn't make any difference. 623 49:45.810 --> 49:50.810 It's local this value then here is local you can find it here. 624 49:50.830 --> 49:51.860 Could be on the other side. 625 49:51.870 --> 49:54.810 It would not make much of a difference. 626 49:55.260 --> 50:01.100 I'll show you how it makes a difference when we do a couple of months at the same time. 627 50:01.530 --> 50:04.430 So now let's see Austin. 628 50:05.620 --> 50:10.620 How do you define the rest of the parameters I want to show you all of this yet because I want to show 629 50:10.620 --> 50:14.660 you the options that you get under this set configuration. 630 50:15.310 --> 50:21.480 So you have the options that you get what encryption through the type of encryption that you want to 631 50:21.480 --> 50:28.260 use to the battle group that you will be using the hashing mechanism that you're using authentication 632 50:28.260 --> 50:29.000 mode. 633 50:29.040 --> 50:33.190 This is not the key is authentication more cliched to begin began. 634 50:33.410 --> 50:35.010 Also known as addresses signatures 635 50:37.800 --> 50:43.350 and you can specify the lifetime what is the lifeline by default. 636 50:44.610 --> 50:51.610 Eighty six thousand four hundred seconds for Isaac the book is read and do that encryption. 637 50:51.710 --> 50:57.630 You can choose any one of the three as everyday authentication. 638 50:57.830 --> 51:02.750 You can choose please share what I said I choose PRICHEP right now. 639 51:03.180 --> 51:03.840 Okay. 640 51:03.900 --> 51:11.080 Group 1 to 5 the size of the keys and just 2 which is 1 0 2 4 5 is 1 5 3 6 1 768. 641 51:13.170 --> 51:13.780 Okay. 642 51:13.820 --> 51:18.420 Only what the hashing mechanism do you want to use B favor. 643 51:19.720 --> 51:32.430 That's say I use some super balances that I choose I said encryption device authentication we shared 644 51:34.650 --> 51:35.380 hash. 645 51:35.540 --> 51:38.270 I said stop and group 646 51:41.390 --> 51:42.760 and this is sending this packet 647 51:46.020 --> 51:48.500 back and I would send it back and he was handed 648 51:52.760 --> 51:55.190 it enough. 649 51:56.120 --> 51:58.520 So first and second that the third and fourth 650 52:01.430 --> 52:02.750 we need to do anything. 651 52:02.750 --> 52:05.660 The first and second both through the third and fourth package. 652 52:05.660 --> 52:10.100 We don't care about what is the fifth package. 653 52:10.300 --> 52:14.560 He said he to members since I'm using BSG here. 654 52:14.570 --> 52:15.660 I need that reset. 655 52:15.710 --> 52:20.010 Yes I need to specify that we should always specify every. 656 52:20.150 --> 52:20.880 That is step to 657 52:24.510 --> 52:27.290 stop the spell. 658 52:27.880 --> 52:28.700 Isaac. 659 52:29.930 --> 52:35.390 He said that he is Cisco and you need to specify the address of the year. 660 52:36.080 --> 52:39.760 What is the address of the bit. 661 52:39.910 --> 52:42.540 Probably 150 died one night before he died. 662 52:42.740 --> 52:45.590 So why do you need to specify the address of the fear. 663 52:45.590 --> 52:48.010 Because tomorrow you can have one. 664 52:48.200 --> 52:49.330 You can have more than one. 665 52:49.790 --> 52:58.770 So you would have I do creating a tunnel with an eye for an eye to creating a dungeon lets say without 666 52:58.770 --> 52:59.470 fail. 667 53:00.320 --> 53:02.570 Maybe in this exchange you are using Cisco 1 2 3 668 53:08.900 --> 53:16.700 that is maybe when you're creating a deal between not going out for you using the PSG of Cisco but then 669 53:16.720 --> 53:18.070 you're doing it without a fight. 670 53:18.080 --> 53:21.860 You're using what Cisco wanted. 671 53:22.100 --> 53:25.670 That's all you need to specify the addresses that going to this address. 672 53:25.670 --> 53:26.250 Use this key 673 53:29.420 --> 53:32.060 using that critical point. 674 53:32.570 --> 53:37.630 Our fixed IP address is the place to speak. 675 53:37.650 --> 53:48.840 There is no single instance of component of the listed as we go to this is. 676 53:49.600 --> 53:51.300 No. 677 53:52.690 --> 53:53.340 It's not a 678 53:56.340 --> 53:58.070 private address I understand. 679 53:58.290 --> 53:59.560 And is that what you're saying. 680 53:59.790 --> 54:04.700 Does your ISP out at the ISP service. 681 54:04.800 --> 54:06.100 What you're saying is you don't have any. 682 54:06.100 --> 54:14.900 You're saying it and behind the SCADA networks I said not to go to back to us and explain this what 683 54:14.900 --> 54:15.280 is it. 684 54:16.070 --> 54:21.320 As long as then that conduct can reach this network everything is okay. 685 54:21.500 --> 54:28.600 Right now you're done between these two devices. 686 54:30.520 --> 54:32.010 You want to do it here. 687 54:32.310 --> 54:33.640 Why go to the ISO here. 688 54:34.060 --> 54:39.240 So you do not think what to stop it. 689 54:39.600 --> 54:41.530 No no no. 690 54:41.550 --> 54:43.160 You can go until the end. 691 54:43.530 --> 54:48.410 The AC cap is not necessary you do it only with the public eye piece remove the barrier but you need 692 54:48.410 --> 54:55.280 to monitor that because it needs to go out through the internet like you understand. 693 54:55.880 --> 55:02.280 So what you have to worry about is what I said come back it's now put your concentration here your eyes 694 55:02.320 --> 55:09.850 come back it's going to look like what going from one fifty one not 20 dog to do 695 55:13.410 --> 55:16.820 and then you have your GBP 500 500 and then the AC cap 696 55:20.350 --> 55:22.000 then the actual ice again. 697 55:22.420 --> 55:24.740 That's why I need to specify the address of the bed. 698 55:24.750 --> 55:32.270 I'm saying for this address for this this nation address use the key used to be a scarce system. 699 55:32.460 --> 55:33.720 You might have another beer. 700 55:35.130 --> 55:37.750 So when he's going to that address he'll use a different 701 55:42.570 --> 55:42.930 word. 702 55:43.440 --> 55:46.390 So you specify that key and we do that again here. 703 55:46.470 --> 55:50.480 Now for this part of the question mark doesn't look when you're doing this. 704 55:50.490 --> 55:51.660 The question was will not work. 705 55:52.080 --> 55:53.750 So you have to write the whole command yourself. 706 55:53.800 --> 55:54.570 No no. 707 55:54.600 --> 55:55.910 Most of it. 708 55:56.500 --> 55:59.400 SISKEL to this question but does doesn't work. 709 55:59.430 --> 56:02.960 But you still have to address 151 that would be done. 710 56:03.100 --> 56:12.720 The president said that he works after that address but it doesn't work like this address 151 not so 711 56:12.730 --> 56:15.300 he got it. 712 56:18.930 --> 56:23.110 With specified that he gets 1 2 6 713 56:26.400 --> 56:36.010 6 then what is the seventh bracket on someone else's for the second time. 714 56:36.300 --> 56:43.830 Balances by the second act also known as IBC also known as sandstone set 715 56:47.000 --> 56:50.750 as well known as the Association. 716 56:52.160 --> 56:56.280 But also we also cannot answer them in terms of typing it. 717 56:56.380 --> 57:08.270 We call it transparency so you need to specify that you specify that this IP SEC fans from set and you 718 57:08.270 --> 57:10.650 name it something it's up to you what you name it. 719 57:10.660 --> 57:11.450 Quality set 720 57:14.160 --> 57:21.470 about this advanced concept that we have certain options available D had a look at these options. 721 57:21.470 --> 57:30.910 Whenever you see a smack in the middle of hashing mechanisms it is a and b face and shop. 722 57:31.040 --> 57:35.390 We will also see as the US does 723 57:38.060 --> 57:39.200 attention that despite 724 57:45.760 --> 57:46.150 and 725 57:51.270 --> 57:55.490 you can use these are the headers that you choose which header do you want. 726 57:55.660 --> 58:03.390 For the second time you wanted to be rich if you are there you can only use what only and be. 727 58:03.440 --> 58:05.260 There will be no interruption let's do that. 728 58:05.520 --> 58:06.790 Let's only use it. 729 58:08.530 --> 58:13.510 I will not use encryption in the first and then that I will change it but for the first time I will 730 58:13.510 --> 58:14.230 not use any. 731 58:15.670 --> 58:16.490 I am just using 732 58:20.570 --> 58:22.980 multiple dungeons until just recently. 733 58:23.020 --> 58:30.130 The problem is that I don't intend for the same interesting traffic not different traffic. 734 58:30.620 --> 58:33.940 Yes. 735 58:38.980 --> 58:41.500 Then I move from different ideas. 736 58:42.400 --> 58:49.030 I look for the different ISP types they can create two towns from two hours because that's when you 737 58:49.030 --> 58:51.040 will have the backup from the same ISP. 738 58:51.040 --> 58:55.600 There is no point of having the backup you can will not go down and that will be two different speeds 739 58:55.610 --> 58:58.090 to different levels. 740 58:58.720 --> 59:03.130 So now let's use what edge. 741 59:03.340 --> 59:06.220 I only use which one do you want to use. 742 59:06.250 --> 59:16.190 I used a shop that I use like the same size at each and debate and that's fine. 743 59:16.440 --> 59:19.230 Obviously this is just happening. 744 59:19.240 --> 59:21.710 This is just so when you see it's back in the air. 745 59:22.140 --> 59:26.240 There's just differentiating between which ones are you in that encryption algorithms and which ones 746 59:26.240 --> 59:28.300 that you should know better. 747 59:28.360 --> 59:31.270 See what you can do you don't specify only one vote. 748 59:31.350 --> 59:37.840 You were about to use ESPN behaving ESB then you only have these options in to one hashing mechanism. 749 59:37.900 --> 59:45.400 Now you need to do that encryption with them as they do things and then you can do. 750 59:45.400 --> 59:49.700 You can have more than one asking them to you have two. 751 59:49.810 --> 59:50.660 Yes. 752 59:50.710 --> 59:52.470 Which makes no sense. 753 59:52.840 --> 59:56.070 Which you most generally not do. 754 59:56.320 --> 01:00:01.110 Usually you just need one hashing mechanism and one encryption mechanism right now in our case I'll 755 01:00:01.120 --> 01:00:07.920 just use hashing around issue what's true what's inside of the packet and how it's open. 756 01:00:10.530 --> 01:00:14.710 And have been smashed together and they're not together. 757 01:00:14.720 --> 01:00:17.170 What are you finding. 758 01:00:17.550 --> 01:00:24.190 And if I've been shot even if I was wearing it. 759 01:00:24.350 --> 01:00:30.450 It's been five years and its ban shows engagement. 760 01:00:30.950 --> 01:00:31.980 That's what you're saying right. 761 01:00:32.040 --> 01:00:35.080 Mean if I was in DC I'd make anywhere here. 762 01:00:35.880 --> 01:00:38.400 It's not worth it. 763 01:00:38.630 --> 01:00:39.400 It's not. 764 01:00:39.410 --> 01:00:41.420 No it's not a different category. 765 01:00:41.420 --> 01:00:50.420 It's the same variant of beef I have and maybe it does show that the rabbit which a lot of the money 766 01:00:50.420 --> 01:00:57.310 you use to do that is asking which algorithm you are using by using shop. 767 01:00:57.420 --> 01:01:02.500 These are just two different environments depending upon which you want to use. 768 01:01:02.860 --> 01:01:04.200 So I chose which one. 769 01:01:04.670 --> 01:01:07.450 And besides had that that's going to be applied. 770 01:01:07.450 --> 01:01:09.580 No you're not going to be yes is going to be what. 771 01:01:10.160 --> 01:01:17.260 Which will have no powered up and grips and it only has powers to do it. 772 01:01:17.970 --> 01:01:23.340 That's actually just the integrity of the game that way. 773 01:01:24.440 --> 01:01:26.960 So step six seven eight nine. 774 01:01:27.020 --> 01:01:31.940 That's what I said because you've already chosen 775 01:01:34.660 --> 01:01:39.630 the band's concept he said. 776 01:01:39.770 --> 01:01:41.180 I said the. 777 01:01:41.270 --> 01:01:44.280 Some said yes. 778 01:01:44.680 --> 01:01:52.330 Then I said Okay I'm going to use H and the five steps step forward. 779 01:01:52.760 --> 01:01:55.540 Now you need to find out the way to link all of this together. 780 01:01:55.740 --> 01:02:01.280 You have configured it but you need to link it like it. 781 01:02:01.310 --> 01:02:13.020 The first thing that you have to do is specify the traffic that is going to be protected by using all 782 01:02:13.120 --> 01:02:14.280 these boxes. 783 01:02:14.290 --> 01:02:14.700 It's 784 01:02:19.190 --> 01:02:27.010 they're using proxy as a proxy as it is used to define what profit do you want to end up with traffic 785 01:02:27.010 --> 01:02:29.390 and make is one thing. 786 01:02:31.320 --> 01:02:34.130 Yes and no traffic going wrong. 787 01:02:34.490 --> 01:02:36.250 Then could argue that zero. 788 01:02:36.320 --> 01:02:37.010 Thank you. 789 01:02:37.830 --> 01:02:45.260 When to the other side which is tender for that food and then get that traffic in the easier light specify 790 01:02:45.290 --> 01:02:46.080 exactly that. 791 01:02:46.100 --> 01:02:47.270 I think that's OK. 792 01:02:47.570 --> 01:02:56.040 Access list one or one that may be coming from then back to Web 2.0. 793 01:02:56.060 --> 01:03:00.790 This whole network rendered did not for that product for this whole mess. 794 01:03:01.040 --> 01:03:02.320 This is my proxy. 795 01:03:02.330 --> 01:03:06.280 Here it is. 796 01:03:07.130 --> 01:03:07.900 That's a different thing. 797 01:03:07.910 --> 01:03:10.950 That's a topic for a different name when you do that. 798 01:03:12.740 --> 01:03:14.000 I understand the question is. 799 01:03:14.120 --> 01:03:20.270 But for now maybe the next thing after this that you're going to be that's the next step. 800 01:03:20.300 --> 01:03:23.500 Once you understand this completely then we move on additional step. 801 01:03:23.580 --> 01:03:33.790 That doesn't mean that I want you to understand the concept of what is hit when boxes feels that leather 802 01:03:33.800 --> 01:03:36.630 thing is like all of these together. 803 01:03:36.680 --> 01:03:41.180 Now you need to link all of these together and apply to any interface. 804 01:03:41.180 --> 01:03:41.980 I love this feature. 805 01:03:41.990 --> 01:03:46.730 My interesting graphic my policies my IP SEC transform said my team. 806 01:03:47.250 --> 01:03:55.730 You need to bind it together in a bundle that bundle is known as crypto map. 807 01:03:56.110 --> 01:04:04.610 Map is the bundle that links all of them together so we'll go here first of all I'll copy the access 808 01:04:04.610 --> 01:04:05.280 list. 809 01:04:09.210 --> 01:04:16.040 Then then I cleared the map crypto map valid anything just transform said the priority set this map 810 01:04:16.040 --> 01:04:18.620 you'll call something let's say a map. 811 01:04:18.620 --> 01:04:20.240 You need to give a sequence number here. 812 01:04:21.930 --> 01:04:24.030 And then use more than one time. 813 01:04:24.300 --> 01:04:27.040 You only have one but you just choose any random value. 814 01:04:27.560 --> 01:04:38.260 And then this map is linking what together is linking Isaac up embassies and IP SEC policies together. 815 01:04:40.010 --> 01:04:42.810 So the one which you're choosing is going to be IP second I said 816 01:04:45.900 --> 01:04:51.100 you're basically saying I'm reading the map with the name a map and this crypto map is going to link 817 01:04:51.190 --> 01:04:54.160 Isaac and policies and IP set transform set together 818 01:04:57.300 --> 01:04:57.550 okay 819 01:05:00.550 --> 01:05:06.360 Manuel is if you're not using any Isaac there's a certain there's a way that you don't use the first 820 01:05:06.360 --> 01:05:13.410 policies you can create a dummy without using the flash policies in which you specify the DB You can 821 01:05:13.410 --> 01:05:13.910 do that too. 822 01:05:13.920 --> 01:05:15.120 But right now we'll do that. 823 01:05:15.210 --> 01:05:16.970 This one is not used in it you would not. 824 01:05:16.970 --> 01:05:18.530 Why would you do that. 825 01:05:18.660 --> 01:05:23.440 Would you do it without the first time without a single photo. 826 01:05:23.840 --> 01:05:25.690 But you don't want to do that. 827 01:05:25.710 --> 01:05:30.620 They want to link Isaac M. and AP SEC both to that. 828 01:05:31.230 --> 01:05:31.860 How do you do it. 829 01:05:32.430 --> 01:05:34.070 I created the map. 830 01:05:34.320 --> 01:05:39.470 I need to call the pants on set in here which transforms that I'm using for this map. 831 01:05:39.480 --> 01:05:42.810 He said I'm moving. 832 01:05:42.850 --> 01:05:47.850 He said What is my address. 833 01:05:47.850 --> 01:05:48.810 Interesting traffic. 834 01:05:48.810 --> 01:05:51.550 What is my impression that it is one on one. 835 01:05:54.030 --> 01:05:56.310 I also need to set my beard. 836 01:05:57.670 --> 01:06:00.140 What is might be his address. 837 01:06:00.920 --> 01:06:02.060 30. 838 01:06:02.770 --> 01:06:04.150 Three things I need to do here. 839 01:06:04.740 --> 01:06:07.250 If I do it again. 840 01:06:07.460 --> 01:06:08.870 I just clicked on that by map. 841 01:06:08.890 --> 01:06:14.150 Then I'd be stuck I said that specifying that I'm linking the second I see them together. 842 01:06:14.280 --> 01:06:14.950 They do. 843 01:06:15.020 --> 01:06:24.300 Say said yeah 151 light 40 Dark Thirty that the match press one. 844 01:06:24.340 --> 01:06:33.310 Once I'm linking the ACL also and the other last part that I need to address said fans phones that way 845 01:06:33.770 --> 01:06:40.660 this year I'm binding my fans on set and binding my ACL and binding and I'm setting the pattern. 846 01:06:40.750 --> 01:06:42.950 I am not binding my eyes the policy number and 847 01:06:45.690 --> 01:06:47.590 that's done automatically by the group. 848 01:06:47.650 --> 01:06:52.090 Then you say it's an 80s like I said I put up the map so that I think of the condition it takes out 849 01:06:52.100 --> 01:06:59.490 the configuration for Isaac and takes it to the other side of the crypto map is up which state I would 850 01:06:59.490 --> 01:07:01.340 be Isaac. 851 01:07:03.510 --> 01:07:04.550 The last thing is what 852 01:07:07.940 --> 01:07:14.030 interface F is the one with the map. 853 01:07:14.430 --> 01:07:14.970 That's it. 854 01:07:15.030 --> 01:07:18.240 Then you read the 855 01:07:26.230 --> 01:07:26.610 immediate 856 01:07:29.710 --> 01:07:36.440 word no that is the sequence number and take the automatic legal and see how many sequences you have 857 01:07:36.680 --> 01:07:37.980 he standing to use them. 858 01:07:38.020 --> 01:07:41.480 Then you get them mandate. 859 01:07:41.640 --> 01:07:42.920 I have applied it to the interface. 860 01:07:42.920 --> 01:07:45.150 Let's check the whole process again. 861 01:07:45.270 --> 01:07:52.400 Interface at a 0 0 0 1 map I'm at app check it out and if the entity you should see that ISO capital 862 01:07:52.450 --> 01:07:58.030 department come up that doesn't mean your time is up. 863 01:07:58.070 --> 01:08:00.250 That means you're out there now is capable of doing see. 864 01:08:00.280 --> 01:08:01.090 Yep. 865 01:08:01.190 --> 01:08:04.150 It seems a bad idea but basically no takers. 866 01:08:04.170 --> 01:08:04.720 That's it. 867 01:08:06.120 --> 01:08:09.370 So if you receive the Baghdad report number 500 you'll accept it. 868 01:08:12.320 --> 01:08:14.940 On their website. 869 01:08:14.940 --> 01:08:18.240 Most of them on IP security services. 870 01:08:18.270 --> 01:08:25.920 It's already configured as of late but when you configure it basically you need a map upload somewhere 871 01:08:25.920 --> 01:08:27.040 for it to be up. 872 01:08:27.390 --> 01:08:35.120 Once it have the services has services that divided itself then you fill out the board numbers up except 873 01:08:35.130 --> 01:08:37.790 for the DCP. 874 01:08:38.140 --> 01:08:39.820 Then we should also see that through 875 01:08:47.110 --> 01:08:51.240 you file only port 67 is up. 876 01:08:51.480 --> 01:08:58.020 Now he's open for 500 30 members but also is allowed to use for extended regional fights against the 877 01:08:58.080 --> 01:08:59.410 nag which you're talking about. 878 01:09:00.290 --> 01:09:02.180 If there is nothing happening he'll use 45. 879 01:09:02.190 --> 01:09:03.790 I'll explain how that works. 880 01:09:03.890 --> 01:09:10.580 Let's see 500 500 for those investors who have come up with you know that you can expect the package 881 01:09:10.590 --> 01:09:11.420 coming into port. 882 01:09:11.420 --> 01:09:12.750 No I mean 883 01:09:16.300 --> 01:09:19.680 we're ready to do on the other end. 884 01:09:20.120 --> 01:09:21.890 Same exact steps. 885 01:09:22.130 --> 01:09:23.800 Let's see how much is the same. 886 01:09:25.130 --> 01:09:26.480 I make a change in the policies 887 01:09:30.320 --> 01:09:34.090 I would happily accept the evidence. 888 01:09:34.100 --> 01:09:38.210 What about the key. 889 01:09:39.830 --> 01:09:47.610 The advice is different from the other side the advice is different which is ripped from the dark. 890 01:09:49.840 --> 01:09:55.630 This us about the transition that has to be described the same way we'll get step read. 891 01:09:55.640 --> 01:10:06.470 Which projects six and seven seven and eight seven and eight stands on set headed the same. 892 01:10:06.470 --> 01:10:12.460 What about the boxes you. 893 01:10:13.560 --> 01:10:22.170 They will flip it will flip from source to destination often. 894 01:10:23.450 --> 01:10:32.680 I feel like my food bank stance will pay for rent then it will be flip. 895 01:10:33.000 --> 01:10:34.110 The last step put them up 896 01:10:38.020 --> 01:10:41.560 here it is by that expense. 897 01:10:41.680 --> 01:10:43.070 That's how it has to be admitted. 898 01:10:47.840 --> 01:10:48.230 No. 899 01:10:48.630 --> 01:10:49.400 I'll explain why. 900 01:10:49.470 --> 01:10:51.940 I'll explain how this works. 901 01:10:52.160 --> 01:10:54.180 I get them out. 902 01:10:54.180 --> 01:10:55.940 Does anything change yet. 903 01:10:56.440 --> 01:11:00.960 This number is the same because I'm using one of these that name is the same because I'm using the same 904 01:11:00.960 --> 01:11:01.320 here. 905 01:11:01.560 --> 01:11:04.040 I need to do the bit of that too. 906 01:11:04.170 --> 01:11:14.010 I did that with the last step is applying it on the interface which also means that you don't have to 907 01:11:14.070 --> 01:11:19.630 pay a bit before I do that. 908 01:11:19.690 --> 01:11:20.300 Let me take it. 909 01:11:20.310 --> 01:11:21.690 What numbers are open. 910 01:11:24.390 --> 01:11:27.170 Only 67 isn't. 911 01:11:27.800 --> 01:11:34.980 I decided to do the whole thing to see how much it can take. 912 01:11:37.440 --> 01:11:44.800 So as I was saying I think I'm busy on social media. 913 01:11:46.220 --> 01:11:54.290 I've ended in 45 I did not see the whole process of how it looks and I showed them this that I've actually 914 01:11:54.440 --> 01:11:55.980 done worse. 915 01:11:56.700 --> 01:12:00.390 The fact is going to come from there from the inside. 916 01:12:01.080 --> 01:12:09.400 It will look like then to who was trying to communicate with them for fear for this packet comes back 917 01:12:09.420 --> 01:12:19.990 to when it comes to I do I do does stab the dumb bird have I uploaded this crypto map route interface 918 01:12:24.210 --> 01:12:31.570 this tournament only started when this packet hits this interface and when will it make the database 919 01:12:32.030 --> 01:12:37.320 read it has done that out look up already many it does seem that the outgoing interface for this traffic 920 01:12:37.380 --> 01:12:47.580 is at 0 1 0 0 0 whichever it is one hope so I'll get that not for 4 does not belong on the Internet 921 01:12:48.510 --> 01:12:53.730 you should have a d d far out here which points because to be farther out this packet will be doubted 922 01:12:53.730 --> 01:13:00.740 whether through the outside into these the moment it's about to leave the movement it's about to leave 923 01:13:00.740 --> 01:13:04.750 from the outside interface where do you see that crypto map 924 01:13:08.800 --> 01:13:13.640 where the first statement is match address 925 01:13:16.550 --> 01:13:16.980 one or one 926 01:13:20.260 --> 01:13:28.860 does this topic matter best when no one matches that it is right not to do I'm not sure if it matches 927 01:13:28.860 --> 01:13:35.070 that address this bag it is kept on hold it's not allowed to go out if it doesn't match it's allowed 928 01:13:35.070 --> 01:13:35.500 to go up 929 01:13:38.480 --> 01:13:44.330 but if it matches it's kept on hold a separate package is created. 930 01:13:44.380 --> 01:13:45.460 What does that racket package. 931 01:13:46.870 --> 01:13:53.800 I suggest a separate package is created which goes from the public source of you 932 01:13:57.060 --> 01:13:58.300 and the destination. 933 01:13:58.310 --> 01:14:00.440 Where does it get this destination from. 934 01:14:01.400 --> 01:14:06.210 You said you had a commander moment in the set where I said something in the crypto map. 935 01:14:06.450 --> 01:14:10.820 When you go to the crypto map you see the Central Command at 151 Where do you go. 936 01:14:10.860 --> 01:14:14.900 This is where he gets to the destination for five years ago. 937 01:14:15.030 --> 01:14:19.210 So he sends the packet to 150 one bag. 938 01:14:19.910 --> 01:14:21.130 So be dog food. 939 01:14:21.150 --> 01:14:27.600 This was 20 that could be 500 500. 940 01:14:27.600 --> 01:14:28.560 Now there's the first bag. 941 01:14:28.590 --> 01:14:30.800 So what will be inside it. 942 01:14:30.850 --> 01:14:32.040 What will be inside the Asuka 943 01:14:35.950 --> 01:14:37.160 so it goes here. 944 01:14:37.300 --> 01:14:44.230 He replies then the whole exchange takes place on the same UDP 500 between the same fears and then back 945 01:14:44.280 --> 01:14:44.730 number 9 946 01:14:48.220 --> 01:14:52.640 after the bag number 9 is done by the end of all this exchange. 947 01:14:53.380 --> 01:14:58.720 Both of the ends will have the key both of the ends have the key 948 01:15:01.520 --> 01:15:08.460 and they know which mechanism that using right now they're using what can only and be faced here until 949 01:15:08.480 --> 01:15:10.220 the edge empty. 950 01:15:10.520 --> 01:15:14.440 Now this packet should be allowed to go out just like this as it is. 951 01:15:14.860 --> 01:15:16.710 It cannot go out as it is. 952 01:15:16.790 --> 01:15:18.430 It did not reach the destination. 953 01:15:19.940 --> 01:15:23.840 It's a private private witness but since 954 01:15:27.060 --> 01:15:34.770 yeah get as specific as you want as long as it hits that ACL it will stay the night. 955 01:15:34.810 --> 01:15:36.510 Now you can see that. 956 01:15:37.030 --> 01:15:41.900 Let's have a look at what happens to the actual impact that is going out then. 957 01:15:41.950 --> 01:15:46.630 1 1 2 2 1 2 then 4. 958 01:15:46.630 --> 01:15:49.850 So it cannot go out as it does it has to ground on a public base. 959 01:15:49.860 --> 01:15:51.590 They can sell a public address. 960 01:15:51.670 --> 01:15:54.330 So this first hashing will be done. 961 01:15:55.170 --> 01:16:03.990 So I headed comes here which is will tell me which one each on top of that another editor will come 962 01:16:03.990 --> 01:16:06.280 on right. 963 01:16:06.400 --> 01:16:11.110 Another item it has to go through the Internet. 964 01:16:11.320 --> 01:16:17.320 This will be based on the destination will again be the set one which is why we don't have much time. 965 01:16:18.100 --> 01:16:21.170 Okay so the SNB resources. 966 01:16:21.190 --> 01:16:22.840 What is the destination. 967 01:16:22.930 --> 01:16:29.970 Based on the idea which is what 151 Dark Thirty dug the source will be based on which source they are 968 01:16:30.030 --> 01:16:31.960 living which is this interface. 969 01:16:31.960 --> 01:16:33.590 So when did I do. 970 01:16:33.750 --> 01:16:35.800 Where do you go to before you got food. 971 01:16:35.860 --> 01:16:38.470 The good question is what comes to the Internet. 972 01:16:38.470 --> 01:16:40.330 The internet does the right thing based on which part 973 01:16:44.120 --> 01:16:51.320 it is the Internet job to make this packet reach the final destination. 974 01:16:51.320 --> 01:16:54.680 Your job is only to do the encryption the I with the public. 975 01:16:55.040 --> 01:17:00.880 Once you get the public hate it it is the Internet's job to take it with pride for the destination which 976 01:17:00.890 --> 01:17:07.260 you have specified in many it reaches out for the moment it reaches out for it. 977 01:17:07.630 --> 01:17:08.940 I thought it opens it. 978 01:17:09.020 --> 01:17:11.540 The public hated it because it was meant for them. 979 01:17:11.600 --> 01:17:18.050 Then he sees what the first thing that hits is what hurts them to open it whenever they declare 980 01:17:20.930 --> 01:17:24.360 a key to open the edge. 981 01:17:24.400 --> 01:17:32.980 That requires a key and maybe open checking for integrity first before doing anything else. 982 01:17:33.020 --> 01:17:37.920 I tell you that open it up see what's inside it. 983 01:17:38.060 --> 01:17:44.260 This is done better than that for this source and destination should exactly be a replication of his 984 01:17:44.760 --> 01:17:46.270 boxes. 985 01:17:46.390 --> 01:17:52.120 This should be the exact opposite because in decryption and use the opposite one in encryption would 986 01:17:52.130 --> 01:17:55.570 use the ordinary proxies. 987 01:17:55.970 --> 01:17:58.520 He knows that his proxy is something not for pretend not to. 988 01:17:58.970 --> 01:18:05.240 So then therefore pretend not to use do encryption and then appeal to them not for any to direct decryption 989 01:18:08.410 --> 01:18:09.740 nature indeed lips. 990 01:18:09.820 --> 01:18:10.520 Sexy as hell. 991 01:18:10.520 --> 01:18:11.430 Yes it does match. 992 01:18:11.470 --> 01:18:15.680 Coming from and not too willing to put that forward so it's matching the ACL also. 993 01:18:16.050 --> 01:18:17.600 He opens the packet. 994 01:18:18.030 --> 01:18:19.730 Thanks for asking if it is correct. 995 01:18:19.830 --> 01:18:26.090 The move this whole thing the backing does tend not to do that for the bag it is forwarded to with the 996 01:18:26.250 --> 01:18:28.490 inside the reverse package. 997 01:18:28.540 --> 01:18:34.810 The back is exactly the same again just quick recap of how it's going to be from that it done back it 998 01:18:34.810 --> 01:18:42.230 is going to come from where I'm going to what is going to happen on foot. 999 01:18:42.430 --> 01:18:48.370 The first thing is at would look up is going to look at that out of how to go to this destination. 1000 01:18:48.370 --> 01:18:57.370 How does it go to the destination for somebody who doesn't know debate and so it just forwards it out 1001 01:18:57.370 --> 01:18:58.820 to the outside interface. 1002 01:18:58.890 --> 01:18:59.830 The outside interface. 1003 01:18:59.830 --> 01:19:01.990 What is that. 1004 01:19:02.010 --> 01:19:05.060 I don't have a map. 1005 01:19:05.080 --> 01:19:06.470 The first command is magic. 1006 01:19:06.550 --> 01:19:07.480 Does it make it easier. 1007 01:19:08.290 --> 01:19:09.370 Yes it does. 1008 01:19:09.370 --> 01:19:11.690 Does it need to do the 90 packet exchange. 1009 01:19:11.710 --> 01:19:12.430 No he doesn't. 1010 01:19:12.430 --> 01:19:13.200 It's already that 1011 01:19:16.290 --> 01:19:16.900 no he doesn't. 1012 01:19:17.040 --> 01:19:20.180 He has the key and he has the key doesn't need the exchange. 1013 01:19:21.750 --> 01:19:22.730 So what does he do. 1014 01:19:22.740 --> 01:19:30.130 He adds that he does is hashing as the that on top of this one on top of that as the public order headed 1015 01:19:31.130 --> 01:19:37.710 they decide to put a command from that side the side that is ready to serve as the user interfaces and 1016 01:19:37.710 --> 01:19:39.970 forwarded to the Internet and forwards it back to life. 1017 01:19:42.110 --> 01:19:50.610 I will open this use the key to open the hatch take this from Ben not for men to then not do it for 1018 01:19:50.610 --> 01:19:52.380 them I do so if I were to the battle 1019 01:19:55.610 --> 01:20:01.740 rattle I would say he won his time talking privately to a private 1020 01:20:04.780 --> 01:20:21.590 NOPE NOPE NOPE NOPE NOPE NOPE NOPE NOPE NOPE NOPE NOPE NOPE NOPE. 1021 01:20:22.220 --> 01:20:33.590 You continue to what do you mean there now and then and delivery to the interface. 1022 01:20:33.850 --> 01:20:39.330 Once it crosses the interface once it reaches that I would look back and go before outlook look decryption 1023 01:20:39.460 --> 01:20:41.540 and hashing the hatching is done. 1024 01:20:41.800 --> 01:20:47.290 So obviously because you have to see what the addresses after when you reach the outside interface. 1025 01:20:47.410 --> 01:20:51.280 The process starts on the interface before it reaches that. 1026 01:20:51.720 --> 01:20:59.460 Why why why why why not. 1027 01:21:02.010 --> 01:21:05.720 You would have a delay because of Eclipse and ending it's enough as well. 1028 01:21:05.740 --> 01:21:13.510 But you can implement Cumulus solar panels then do that through the darkness and implement certain audience. 1029 01:21:13.720 --> 01:21:16.910 Yeah yeah yeah we do that too. 1030 01:21:17.790 --> 01:21:25.550 Okay so then this park they get. 1031 01:21:26.000 --> 01:21:28.630 Now let's have a look. 1032 01:21:28.630 --> 01:21:30.880 We have like 4 minutes left. 1033 01:21:30.880 --> 01:21:37.480 When I lose we'll have a look at the back exchange also which takes place and you see because the first 1034 01:21:37.480 --> 01:21:38.590 bucket is on hold. 1035 01:21:38.740 --> 01:21:43.030 The name back is go through the first one or two packets drop. 1036 01:21:43.470 --> 01:21:49.960 Then you send a ping which is obvious because being the BAM out is only 2 seconds later the replay doesn't 1037 01:21:49.960 --> 01:21:51.550 come back within 2 seconds. 1038 01:21:51.670 --> 01:21:57.070 It stays in the buffer for one second again the second for it from the third packet since the panel 1039 01:21:57.070 --> 01:21:58.670 is already part of the first time. 1040 01:21:58.750 --> 01:22:00.510 It goes like not nothing. 1041 01:22:00.520 --> 01:22:04.720 No communication is happening. 1042 01:22:05.350 --> 01:22:18.040 No I gotta tell you I have not see the dollar will not come up unless and until I initiate you somewhere 1043 01:22:18.430 --> 01:22:18.640 in 1044 01:22:21.960 --> 01:22:22.970 the moment. 1045 01:22:23.010 --> 01:22:26.100 Until I am saying the buy back it will not be good. 1046 01:22:27.190 --> 01:22:32.720 The battle will not be triggered if you check the command to take your first ever show crypto Isaac. 1047 01:22:35.370 --> 01:22:44.190 So the basic message there is not that this is the check the first basic item. 1048 01:22:44.230 --> 01:22:56.120 It's not that the by sector as it is the second one this is empty 9 percent no description. 1049 01:22:56.180 --> 01:23:00.650 This is digest and verified by just means flash. 1050 01:23:00.810 --> 01:23:06.400 But if I needs to verify the hash on the other side I think it's all clear. 1051 01:23:07.150 --> 01:23:08.980 So let's do this. 1052 01:23:09.210 --> 01:23:09.950 Bob. 1053 01:23:11.610 --> 01:23:16.630 I will send traffic first of all let's do that from then that Ford did not think then. 1054 01:23:16.660 --> 01:23:18.690 No one will think the public address. 1055 01:23:18.700 --> 01:23:20.980 Let's make sure that it is reachable. 1056 01:23:21.230 --> 01:23:27.880 That who is eligible so if you check the shop you sleeping bag is going to come forward to the public 1057 01:23:27.880 --> 01:23:29.100 addresses. 1058 01:23:29.470 --> 01:23:36.250 Then I'll send my interest in traffic from DC to everything. 1059 01:23:37.530 --> 01:23:40.970 Then back to Abu Dhabi. 1060 01:23:44.710 --> 01:23:50.320 You add something to that's at least the first two parties were dropped. 1061 01:23:50.380 --> 01:23:52.240 Third fourth fifth vote. 1062 01:23:52.870 --> 01:23:56.580 If you check what am I what am I going through. 1063 01:23:56.620 --> 01:23:58.130 What am I going to. 1064 01:23:59.790 --> 01:24:03.060 I'm going to I've done that for I think they're might do that. 1065 01:24:03.080 --> 01:24:05.420 But said that there was way on the other side of the way. 1066 01:24:06.960 --> 01:24:13.190 But I could Egypt do everything that I want to show you is what happens when you figure the moment you 1067 01:24:13.220 --> 01:24:17.680 think it would then that one pretend not to the first packet that leaves from the interface is not they're 1068 01:24:17.680 --> 01:24:19.880 not going to get knocked you I think that's what you did not do. 1069 01:24:20.590 --> 01:24:24.150 It's what you the. 1070 01:24:24.410 --> 01:24:28.910 Isaac back it's actual packet is kept on hold. 1071 01:24:29.170 --> 01:24:37.040 Isaac is initiated from the public address of that guy to the public address on the other day some 500 1072 01:24:37.060 --> 01:24:38.300 to 500. 1073 01:24:38.560 --> 01:24:44.260 This is the first packet second 7 4 6 7 8 and 9. 1074 01:24:44.260 --> 01:24:44.620 That's it. 1075 01:24:44.860 --> 01:24:47.220 I camp is only nine kids. 1076 01:24:47.470 --> 01:24:49.620 What do you think is the perspective. 1077 01:24:50.390 --> 01:24:51.310 Yes it 1078 01:24:54.170 --> 01:24:55.260 is open the budget and see 1079 01:25:02.880 --> 01:25:13.000 missing security associates and they get down to this job one day or two for a group which is dropped 1080 01:25:13.070 --> 01:25:14.880 to less kids. 1081 01:25:14.900 --> 01:25:16.120 I'm using a pretty shaky 1082 01:25:19.180 --> 01:25:23.510 back at number one who's ending it. 1083 01:25:23.530 --> 01:25:24.880 My phone is ending it's like two. 1084 01:25:25.420 --> 01:25:31.010 I thought this ending died too argue will will play with it. 1085 01:25:32.590 --> 01:25:41.020 Now I'm back at 6 somebody's face and tell them they know that energy is the key. 1086 01:25:41.420 --> 01:25:43.110 Also not the same. 1087 01:25:43.420 --> 01:25:48.990 They play comes the same so I almost you see the size of I get one and two is almost the same back in 1088 01:25:48.990 --> 01:25:53.570 number three and four similar size 340 64 this is my physical. 1089 01:25:53.570 --> 01:25:55.220 The public is exceeded. 1090 01:25:55.240 --> 01:26:01.100 If you take it you open it. 1091 01:26:01.750 --> 01:26:05.220 Where do you see them now. 1092 01:26:05.510 --> 01:26:11.500 Well when I see your notes that you know it's like 7 random amount of data. 1093 01:26:12.550 --> 01:26:12.820 Okay. 1094 01:26:13.270 --> 01:26:17.560 And this is an actual exchange which you will not be able to see the public keep as the mixture of the 1095 01:26:17.560 --> 01:26:20.230 public and the public. 1096 01:26:20.400 --> 01:26:22.710 No one's there before you want to be able to see what's inside them. 1097 01:26:25.310 --> 01:26:27.050 Who's ending it. 1098 01:26:27.090 --> 01:26:31.380 I thought his ending a diatribe sending him back the same thing. 1099 01:26:34.360 --> 01:26:40.680 But by the end of this exchange what happens on the other side of this evil trade secret. 1100 01:26:41.920 --> 01:26:43.910 Now what is the fifth packet 1101 01:26:47.250 --> 01:26:48.750 you escape. 1102 01:26:49.240 --> 01:26:51.690 But the good thing about this is it will be 1103 01:26:55.170 --> 01:26:56.300 nothing encrypted data. 1104 01:27:00.280 --> 01:27:02.440 You will not see it. 1105 01:27:02.700 --> 01:27:06.190 The escape you never see the best for. 1106 01:27:06.200 --> 01:27:09.510 You have the luxury of seeing it as sex dances. 1107 01:27:09.740 --> 01:27:15.870 Seven eight nine is quick more so security association here transforms it transforms that here. 1108 01:27:16.050 --> 01:27:17.080 The last is acknowledgment. 1109 01:27:17.090 --> 01:27:19.340 Only once they replace small party 1110 01:27:27.660 --> 01:27:29.560 take it up. 1111 01:27:30.670 --> 01:27:38.710 You might see it is not a good thing it just scrambled to keep the metal encrypted data is encrypted. 1112 01:27:38.770 --> 01:27:45.590 I know it's the same noise but just stumbled so it becomes the big A B becomes C and stuff on my iPhone 1113 01:27:48.650 --> 01:27:53.900 5 and 6 132 is also sending certain acknowledgements along. 1114 01:27:54.140 --> 01:28:01.490 It's not only just the key but initiate it also send certain other stuff which will see. 1115 01:28:02.370 --> 01:28:05.980 But the bottom part is if your key is mismatched the baggage will be stopped. 1116 01:28:06.000 --> 01:28:10.310 It is a fallacy that this major factor will be stopped within the first and the second. 1117 01:28:10.880 --> 01:28:11.950 And so and so forth. 1118 01:28:12.380 --> 01:28:18.430 And after that you have to back it right so that the difference between this thing and the old thing. 1119 01:28:18.500 --> 01:28:29.680 This was 1 1 4 bytes but this big is how much 1 5 8 bytes why the exhibits. 1120 01:28:29.830 --> 01:28:35.020 No it's not just one data it's another I had to on up of that left sixteen bytes of the idea that then 1121 01:28:35.020 --> 01:28:36.470 we have each for that in there. 1122 01:28:36.560 --> 01:28:44.340 If you actually opened this better than you want to see you can see it made to 3. 1123 01:28:44.650 --> 01:28:45.420 It starts from here. 1124 01:28:45.530 --> 01:28:50.030 I took a message that you'd actually hate it and not forward to doctor. 1125 01:28:50.250 --> 01:28:58.910 On top of that you'll see what it is which is hashing this quite good hashing values that you on top 1126 01:28:58.910 --> 01:28:59.210 of that. 1127 01:28:59.210 --> 01:29:05.020 You see what the public evidence that after routing will be done along the way. 1128 01:29:05.240 --> 01:29:06.660 And then you haven't eaten again. 1129 01:29:17.270 --> 01:29:22.970 So to modify the balance between not food and not so young. 1130 01:29:23.120 --> 01:29:31.050 So this is your second Tea Baggers have run through Tea Baggers have been an absolute and only absolute 1131 01:29:31.920 --> 01:29:40.770 so crypto Isaac at best is the first time state we know that if is an island state means linebackers 1132 01:29:40.770 --> 01:29:44.660 have gone through I mean I guess it the successful itself. 1133 01:29:45.020 --> 01:29:48.840 I say you should see what is going through that you can only see 1134 01:29:53.560 --> 01:29:54.530 bluntly of combat. 1135 01:29:54.560 --> 01:29:55.240 We yet. 1136 01:29:55.310 --> 01:29:56.060 If I say more 1137 01:29:59.020 --> 01:30:00.040 I send five more like 1138 01:30:05.600 --> 01:30:07.970 this means inspectors are going through this stuff. 1139 01:30:08.140 --> 01:30:11.170 They said the more information about this with me about that. 1140 01:30:11.170 --> 01:30:15.740 You talk about that from all of this but it tells you what you did more than five days which is pretty 1141 01:30:15.740 --> 01:30:21.500 bad for what your local end point is basically what am I going to add on top of this stuff. 1142 01:30:21.710 --> 01:30:24.060 There will be 20 down to 240 dog food. 1143 01:30:24.320 --> 01:30:29.080 And what traffic Am I interrupting. 1144 01:30:29.750 --> 01:30:32.300 I mean flipping traffic going something that food tend not to. 1145 01:30:32.660 --> 01:30:39.600 And certain other features and protection and stuff OK. 1146 01:30:39.870 --> 01:30:41.680 Should simple enough for today. 1147 01:30:41.810 --> 01:30:48.810 Your job would be to do what we did this with which was our ability to do this with. 1148 01:30:49.450 --> 01:30:49.700 Yes. 1149 01:30:50.500 --> 01:30:54.100 So while you're following the video follow it exactly as I'm doing it. 1150 01:30:54.350 --> 01:31:00.240 But instead of using it UCSB get 1151 01:31:04.320 --> 01:31:06.090 not even seeing it. 1152 01:31:06.110 --> 01:31:11.800 The best way to troubleshoot I guess if you guys wonder w should this and you want to see what happens. 1153 01:31:12.040 --> 01:31:17.700 Does this mean you're configuring it to the policy. 1154 01:31:17.930 --> 01:31:19.120 For example authentication. 1155 01:31:19.110 --> 01:31:22.620 Change it to the key and see that I've seen in the way of sharks. 1156 01:31:22.620 --> 01:31:26.790 He was back at his meeting last week General policy. 1157 01:31:26.820 --> 01:31:29.430 See this bag it is getting lost. 1158 01:31:29.580 --> 01:31:32.330 Sandra Brown swamps I don't see red as it getting. 1159 01:31:32.350 --> 01:31:33.290 Let's take. 1160 01:31:34.210 --> 01:31:35.980 Yeah. 1161 01:31:36.830 --> 01:31:37.630 Yes. 1162 01:31:37.680 --> 01:31:38.370 Choose which one. 1163 01:31:39.200 --> 01:31:43.450 I sure that the motto we get two buttons with the same wouldn't do that. 1164 01:31:43.690 --> 01:31:43.930 So 1165 01:31:48.120 --> 01:31:50.810 why is it that I'm more than what what 1166 01:31:53.530 --> 01:31:57.280 we send our members over to matches. 1167 01:31:57.280 --> 01:32:05.760 Best Band who said them first then 24 and 30 first band matches you take them with the newest band 1168 01:32:09.200 --> 01:32:12.500 so there's only one who can I have more than that today. 1169 01:32:13.070 --> 01:32:17.940 Well is that something you don't have to have sequence number one set match. 1170 01:32:17.990 --> 01:32:20.030 Yeah pretty much. 1171 01:32:20.800 --> 01:32:21.190 Yeah. 1172 01:32:21.440 --> 01:32:26.010 And looking at the maps the is configured first that would be the low road again.