Source Breadth
The Source Breadth factor measures how wide the source address range is. Broader source ranges mean more hosts are permitted to initiate the flow, increasing the attack surface.
Default max contribution: 25 points.
Scoring table
| CIDR Prefix | Base Points | With Public IP Bonus (+3) | Example |
|---|---|---|---|
| /0 (any) | 25 (max) | - | 0.0.0.0/0 |
| /1 - /8 | 20 | 23 | 10.0.0.0/8 |
| /9 - /16 | 15 | 18 | 172.16.0.0/16 |
| /17 - /24 | 8 | 11 | 192.168.1.0/24 |
| /25 - /31 | 3 | 6 | 10.0.0.0/28 |
| /32 (host) | 0 | 3 | 10.0.0.1 |
Public IP bonus
A +3 point bonus is added when the source address is a public IP - that is, it does not fall into any of these reserved ranges:
- RFC 1918 private space (
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16) - Loopback (
127.0.0.0/8) - Link-local (
169.254.0.0/16) - Multicast (
224.0.0.0/4)
The bonus reflects the higher risk of allowing traffic from internet-routable sources compared to internal addresses.
Clamping
After adding the public IP bonus, the total is clamped to the factor's maximum (25 by default). For example, a /1 prefix (20 base) with a public IP bonus (+3) produces 23 points, not 25 - but a /0 prefix already hits the cap at 25, so no bonus is applied.