CIDR Notation
What is CIDR Notation?
CIDR NotationClassless Inter-Domain Routing notation expresses an IP prefix as an address followed by a slash and the number of significant bits, e.g., 10.0.0.0/8.
CIDR, introduced in RFC 1518 and RFC 1519 and refined in later RFCs, replaced the rigid Class A/B/C scheme of early IPv4. A CIDR prefix is written as an address plus a slash and a prefix length, such as 192.168.0.0/24 (the first 24 bits are the network portion, leaving 8 bits for hosts). The same notation applies to IPv6, e.g., 2001:db8::/32. CIDR enables route aggregation (supernetting), variable-length subnet masking, and finer-grained allocations than classful addressing. In security work, CIDR ranges are the unit of expression for firewall rules, security-group sources, BGP advertisements, and threat-intelligence indicators - so accurate CIDR hygiene directly affects exposure and detection.
● Examples
- 01
A cloud security group allows 0.0.0.0/0 to reach port 443 but only 10.0.0.0/16 to reach port 22.
- 02
An autonomous system advertises 198.51.100.0/24 instead of multiple /28 supernets.
● Frequently asked questions
What is CIDR Notation?
Classless Inter-Domain Routing notation expresses an IP prefix as an address followed by a slash and the number of significant bits, e.g., 10.0.0.0/8. It belongs to the Network Security category of cybersecurity.
What does CIDR Notation mean?
Classless Inter-Domain Routing notation expresses an IP prefix as an address followed by a slash and the number of significant bits, e.g., 10.0.0.0/8.
How does CIDR Notation work?
CIDR, introduced in RFC 1518 and RFC 1519 and refined in later RFCs, replaced the rigid Class A/B/C scheme of early IPv4. A CIDR prefix is written as an address plus a slash and a prefix length, such as 192.168.0.0/24 (the first 24 bits are the network portion, leaving 8 bits for hosts). The same notation applies to IPv6, e.g., 2001:db8::/32. CIDR enables route aggregation (supernetting), variable-length subnet masking, and finer-grained allocations than classful addressing. In security work, CIDR ranges are the unit of expression for firewall rules, security-group sources, BGP advertisements, and threat-intelligence indicators - so accurate CIDR hygiene directly affects exposure and detection.
How do you defend against CIDR Notation?
Defences for CIDR Notation typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for CIDR Notation?
Common alternative names include: Slash notation, Prefix length.
● Related terms
- network-security№ 1113
Subnet
A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.
- network-security№ 553
IP Address
A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- network-security№ 1136
TCP/IP
The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.
- network-security№ 1206
VLAN
A virtual LAN (IEEE 802.1Q) groups switch ports into separate broadcast domains by tagging Ethernet frames with a 12-bit VLAN ID.
- network-security№ 092
BGP Hijacking
An attack in which an autonomous system announces IP prefixes it does not legitimately own, attracting and potentially intercepting global Internet traffic.
- network-security№ 093
BGP Route Leak
An unintended BGP propagation in which an autonomous system advertises routes outside the intended business relationship, often steering global traffic into the wrong AS.