Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

3.3 CIDR

Classless Inter-Domain Routing or CIDR is defined in RFC 1519. It was intended to make better use of available Internet addresses by eliminating different classes (like class A and class B). With the CIDR, you can define any number of bits in the netmask field, which was not possible with class-based networking where the number of bits was fixed. Using CIDR, network addresses are written using the number of bits in the netmask at the end of the IP address. For example, 192.168.1.0/24 defines a network with network address 192.168.1.0 with 24 bits in the netmask. A netmask with 24 bits is equal to 255.255.255.0. An individual host can be written using all of the netmask bits, i.e., 32. The following rule shows that only those packets that go to a single host with IP address192.168.2.113 will generate an alert:

alert icmp any any -> 192.168.1.113/32 any    (msg: "Ping with TTL=100"; ttl:100;)

All addresses in Snort are written using the CIDR notation, which makes it very convenient to monitor any subset of hosts.

  • + Share This
  • 🔖 Save To Your Account