Subnet and CIDR Basics for IP Range Lookups
Understand CIDR notation, IP ranges, and why security teams often block or allow networks instead of single IP addresses.
What CIDR notation means
CIDR notation describes a block of IP addresses using a prefix, such as 203.0.113.0/24. The number after the slash indicates how much of the address is fixed.
Smaller prefix numbers usually represent larger ranges. This is why a single rule can cover many addresses.
Why ranges matter
Attackers, crawlers, and cloud providers often use many IPs in the same range. Looking at only one address can miss a broader pattern.
At the same time, broad range blocks can create false positives if the network is shared by many legitimate customers.
Safe range policies
Start with narrow rules and expand only when evidence shows the whole range is involved. Keep notes about why each range was blocked or allowed.
Use IP lookup, ASN data, and logs to understand whether a CIDR belongs to a single source or a large shared provider.
Frequently Asked Questions
What does /24 mean?
For IPv4, a /24 usually contains 256 addresses, though usable host counts depend on context.
Should I block a whole subnet?
Only when the evidence supports it. Broad blocks can affect legitimate users.
Check an IP Address Now
Use the free Crafzo IP Lookup tool to check IP location, risk score, and AI-powered IP health.
Open IP lookup