[Dshield] Weird scanning, weird ports, weird TCP flags..

Jon R. Kibler Jon.Kibler at aset.com
Thu Oct 23 20:02:19 GMT 2003


Nick Harley wrote:
> 
> This is a bit of a newbie question but I don't understand your range
> notation: "private address space and ranges like: 0/8, 1/8, 126/8, etc."
> Can anyone tell me how this works? I've seen it in other places as well
> but no one's really been able to give a good explanation.
> 

CIDR (pronounced like the drink, "cider") notation. The number before the slash is the network number and the number after the slash is the number of bits in the network number.

Actually, I'm lazy... to be technically correct, I should give an entire network number; that is, 1/8 really should be written as 1.0.0.0/8 -- in other words, all the IP addresses from 1.0.0.0 through 1.255.255.255.

For all the gory details, see RFC 1519.

You should probably also read RFC 1918 which discusses private address space (10/8, 172.16/12, and 192.168/16).

On the general subject of bogus non-routable addresses, you may want to visit:
	http://www.cymru.com/Documents/bogon-dd.html
which lists all the currently invalid IP address netblocks that you should block at your border.

Hope this helps.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA
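
Added example, not part of the original message: a short Python sketch that expands the shorthand used in this thread ("1/8", "172.16/12") into full networks, shows the first and last address each one covers, and checks which block a source address falls in. The function names and sample addresses are constructed for illustration, and the range list is only the one quoted in the thread in 2003, not a current bogon list.

```python
import ipaddress

# Ranges exactly as written in the thread (shorthand with omitted octets).
THREAD_RANGES = ["0/8", "1/8", "126/8", "10/8", "172.16/12", "192.168/16"]

def expand_cidr(short):
    """Turn shorthand like '1/8' into an IPv4Network (1.0.0.0/8)."""
    prefix, sep, bits = short.partition("/")
    if not sep or not bits:
        raise ValueError(f"missing prefix length in {short!r}")
    octets = prefix.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"bad network number in {short!r}")
    # Omitted trailing octets are zero: '172.16' means 172.16.0.0.
    octets += ["0"] * (4 - len(octets))
    # strict=True rejects a network number with bits set past the prefix
    # length (e.g. 172.17/12), which usually signals a typo in a filter.
    return ipaddress.ip_network(".".join(octets) + "/" + bits, strict=True)

def address_range(short):
    """Return (first address, last address, address count) for a block."""
    net = expand_cidr(short)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses

def match_block(addr, blocks=THREAD_RANGES):
    """Return the shorthand block containing addr, or None if no block does."""
    ip = ipaddress.ip_address(addr)
    for short in blocks:
        if ip in expand_cidr(short):
            return short
    return None

if __name__ == "__main__":
    for short in THREAD_RANGES:
        first, last, count = address_range(short)
        print(f"{short:>12}  {first} - {last}  ({count} addresses)")
    # Constructed sample source addresses, as they might appear in a border log.
    for src in ["172.31.200.9", "172.32.0.1", "192.168.1.10", "126.4.4.4"]:
        print(src, "->", match_block(src) or "not in listed ranges")
```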



