Tag Archives: internet

CIDR notation – Living in Net Block Hell

CIDR… what is CIDR? No, it’s not something you drink. Although, given enough exposure to it, it’s something that makes me want to drink (hard) cider. Be that as it may, it’s an important part of my job, de-cidering, I mean, deciphering these cute little buggers.

So.. just what does a typical CIDR notation IP block look like? Well, it looks like this:

67.213.31.0/26

Now, you might be asking yourself, what, why and who cares? So, to answer your questions:

What:
Well, it’s a CIDR block dumba**, that’s what we’re talking about here. Oh.. what does it mean, you might really be asking me. It means: Classless Inter-Domain Routing. Or, in layman’s terms, it’s like a sort of Internet Zip Code, a method of sub-organizing the massive worldwide IPv4 addressing system (which amounts to approximately 4,000,000,000 addressable ‘systems’, not counting those massive blocks that are set aside for private network use, such as the infamous 192.0.0.0/24).

Why
Well, there is a good question. In the early 90s it became apparent that the number of free IP addresses would be depleted. The total number of IPs was large enough then, but because of routing issues, they could only be used in blocks. Now, those that are even slightly in the know, know, (heheh) that that entire pool of IPs is projected to be exhausted in early 2011. Yeah… that’s right, NEXT YEAR! But, IPv4 and the new IPv6 that supersedes it is another discussion for another time. Right now, we’re talking about Cider!, uh CIDR! So, trying to get back on point, the use of these CIDR blocks was a way for routing tables (in those things they call routers, imagine that) to store and organize large pools of IPs, or small pools of IPs as one might see fit.

Who Cares?
Anyone that deals with internet IP infrastructure cares. Now, it’s my business (what I’m paid to do) to watch the ENTIRE Internet to make sure that:

  • DNS (oh.. don’t get me started) works for corporations large and small. And yes, DNS hijacking is real, it happens, but not only that, sometimes they are corrupted accidentally, and people like me designed the software that keeps track of that.
  • I’m able to do other things with this data that I can’t talk about, period. So don’t ask.
  • And, last but certainly not least, it’s just how us geeks communicate. So be it.

Now, why is it a pain in the ass? Well, simply, I need to accurately decode these CIDR blocks into IP ranges (what I do with them is a classified trade and operational secret, so don’t ask, I just need to do this). And to do so requires MATH! Math… nothing wrong with Math, but it’s math that is too computationally intense for me to do it in my head. Primarily because it’s based on bits, 32 to be exact. Bits are those nasty little binary components of the real numbers the rest of you common mortals pretend you know what you are doing with.

I’m not going to try to explain why routers care about CIDR, I’m only going to say ONE of the things I care about most, re: CIDR blocks is getting the actual (true) IP range values from that short-hand notation.

So, let’s take the fictitious example I displayed before (67.213.31.0/26). I don’t know whom off the top of my head (I have databases to do that sort of stuff for me) that CIDR block might belong to (and it might belong to more than one organization), but let’s pretend that CIDR (the one I picked out of thin air) is relevant.

First things first.. we need to know what the block notation of 26 means, so we’ll start there. This part is called the ‘Network Prefix’. It signifies the number of bits (from the left) that identify the starting point of that network block. In this case, the first 26 bits determine the NETWORK and the last 6 bits ( 32 – 26 = 6 ) the HOSTS that are within that NETWORK.

So.. taking that number, 67.213.31.0, in binary:

01000011.11010101.00011111.00000000

and knowing we need the first 26 bits, which would be:

01000011.11010101.00011111.00------

The starting address point is.. ta, da! 67.213.31.0
uh.. OK.. so that’s not super illustrative.. but do the math anyway.

OK.. next.. we know that we have a block of 6 bits to play with, starting at ‘0’. So the range is:
.00000000 to .00111111

Now.. doing that bit of math we get (drum roll please…)

0 (where we started in that net block) up to 63 (which is what 111111 binary means in base-10).

THUS:

The IP range calculation for this 67.213.31.0/26 is:

67.213.31.0 to 67.213.31.63

Now.. don’t you feel a little enlightened?

Maybe next week, if I’m in a good mood, I’ll write a CIDR translator program and post it to my blog, but don’t hold your breath, unless you want to PayPal me a $1000, then I’ll do it this weekend.
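The bit arithmetic walked through above, as an added Python example (not the author's translator program; the function names are assumptions made for this illustration). It is IPv4-only and goes slightly beyond the post's case by also handling a block written with host bits set, plus the /0 and /32 extremes.

```python
def dotted_to_int(addr):
    """Pack a dotted-quad IPv4 string into one 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for o in octets:
        if not (o.isascii() and o.isdigit()) or int(o) > 255:
            raise ValueError(f"bad octet {o!r} in {addr!r}")
        value = (value << 8) | int(o)
    return value


def int_to_dotted(value):
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_to_range(cidr):
    """Return (first address, last address, address count) for an IPv4 CIDR block."""
    addr, sep, prefix_text = cidr.strip().partition("/")
    if not sep or not (prefix_text.isascii() and prefix_text.isdigit()):
        raise ValueError(f"missing or non-numeric prefix in {cidr!r}")
    prefix = int(prefix_text)
    if prefix > 32:
        raise ValueError(f"prefix longer than 32 bits in {cidr!r}")
    host_mask = (1 << (32 - prefix)) - 1    # /26 -> 6 host bits -> 0b111111 = 63
    net_mask = 0xFFFFFFFF ^ host_mask       # /26 -> 255.255.255.192
    first = dotted_to_int(addr) & net_mask  # clear host bits: .17/26 still starts at .0
    last = first | host_mask                # set every host bit
    return int_to_dotted(first), int_to_dotted(last), host_mask + 1


def bit_view(addr, prefix):
    """Show the 32 bits with '|' separating network bits from host bits."""
    bits = f"{dotted_to_int(addr):032b}"
    return bits[:prefix] + "|" + bits[prefix:]


if __name__ == "__main__":
    # Constructed sample inputs; the first is the block used in the post.
    for block in ("67.213.31.0/26", "67.213.31.17/26", "67.213.31.200/26"):
        first, last, count = cidr_to_range(block)
        print(f"{block:18} {first} to {last} ({count} addresses)")
    print(bit_view("67.213.31.0", 26))
```

When matching log or firewall entries against a block, compare the integer forms (`first <= ip <= last`) rather than the dotted strings, since string comparison orders `.9` after `.63`.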

Conficker – has the chaos started? (it’s April 1 in Melbourne)

UPDATED:

I recently received a link to this analysis of the crime-ware.  Pretty sophisticated!!!  The Conficker Cabal is busy trying to measure its function and effectiveness.  If you have the time, and the stomach for a tech article, I suggest you read this!

SRI International – Technical Report on Conficker C

— MY PREVIOUS COMMENTS —

Wow, I can’t believe I can still access the web?!?!   It’s already April 1st in Australia (right now :  Melbourne *Wed 4:50 AM)    and the entire internet has not collapsed!

I’m trying my best to act shocked but…   I’m not a trained actor.   Maybe a few hours into April 1st is too early to call it but..  frankly..   I stand by my first post on this..   much ado about NOTHING!

For entertainment factor, here are some more alarmist articles on the ‘threat’

Conficker Worm: Hoax or Genius? — OS News

Companies encouraged to take threat seriously — SC Magazine UK

Conficker Worm: April Fools joke or ? —  NY Times Blog