[Dshield] Weird scanning, weird ports, weird TCP flags..

Jon R. Kibler Jon.Kibler at aset.com
Thu Oct 23 20:02:19 GMT 2003

Nick Harley wrote:
> This is a bit of a newbie question but I don't understand your range
> notation: "private address space and ranges like: 0/8, 1/8, 126/8, etc."
> Can anyone tell me how this works? I've seen it in other places as well
> but no one's really been able to give a good explanation.

CIDR (pronounced like the drink, "cider") notation. The number before the slash is the network number and the number after the slash is the number of bits in the network number.

Actually, I'm lazy... to be technically correct, I should give an entire network number; that is, 1/8 really should be written as -- in other words, all the IP addresses from through

For all the gory details, see RFC 1519.

You should probably also read RFC 1918 which discusses private address space (10/8, 172.16/12, and 192.168/16).

On the general subject of bogus non-routable addresses, you may want to visit:
which lists all the currently invalid IP address netblocks that you should block at your border.

Hope this helps.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list