What I mean by a 'CIDR' is a network address specification in CIDR notation (more at the Wikipedia entry for Classless Inter-Domain Routing).

A 'proper' CIDR is one where the host address portion is all zero. It's easiest to see this for /8's, /16's, and /24's; for example, 128.100.0.0/16 is a 'proper' CIDR, with the last two octets zero, but 128.100.128.0/16 is not.

Every so often people argue for flexible interpretations of CIDRs that allow for 'improper' ones. This is a bad idea. Assuming that your software accepts something like '128.100.128.0/16' at all, what IP address range does it mean? There are at least three possibilities:

1. 128.100.0.0 to 128.100.255.255

The proper /16 that contains 128.100.128.0.

2. 128.100.128.0 to 128.101.127.255

A /16 sized address range starting at 128.100.128.0.

3. 128.100.128.0 to 128.100.255.255

The portion of the proper /16 starting at 128.100.128.0.

All three are plausible answers. Which one any particular piece of software uses depends on the implementation details of how it parses CIDRs. And of course this means that different programs you have, or your programs and my programs, may well have different views on what they cover.

Sidebar: it's probably best to write CIDRs out in full

It's popular to abbreviate CIDRs by leaving off zero octets that are part of the host address portion, for example writing '200/8' instead of '200.0.0.0/8'. Unfortunately, as someone found recently, not all software accepts the short form. And worse, not all software that doesn't really accept the short form will tell you about it; sometimes it will try to guess what it thinks you really meant and get it wrong.