diff --git a/.jules/sentinel.md b/.jules/sentinel.md
index a506e02..339c53a 100644
--- a/.jules/sentinel.md
+++ b/.jules/sentinel.md
@@ -14,3 +14,7 @@
 **Vulnerability:** Even when blocking standard internal ranges (loopback, link-local, multicast, unspecified), other reserved IPs like the broadcast address (`255.255.255.255`) could still be targeted. Pinging broadcast addresses can lead to amplification attacks or unintended network noise.
 **Learning:** Python's `ipaddress` module separates `is_multicast` from `is_reserved` (which includes broadcast addresses). A comprehensive SSRF defense must cover all non-standard routing destinations.
 **Prevention:** Extend network block-lists to include `ip_obj.is_reserved` to catch broadcast addresses and other IETF-reserved network ranges that shouldn't be targeted in a standard scan.
+## 2024-05-24 - Unhandled TypeError when comparing IP versions
+**Vulnerability:** Comparing `ipaddress` objects of different versions (e.g., IPv4 and IPv6) raises a `TypeError`, which if unhandled, causes the application to crash abruptly (Denial of Service risk).
+**Learning:** `ipaddress` module's comparison operators (`<`, `>`, `<=`, `>=`) are strictly typed by IP version. They do not implicitly convert or handle cross-version comparisons securely.
+**Prevention:** Always validate that `ipaddress` objects share the same `.version` before comparing them, and catch `TypeError` alongside `ValueError` when parsing or manipulating generic IP address inputs.
diff --git a/testping1.py b/testping1.py
index fc3b689..1917f4b 100644
--- a/testping1.py
+++ b/testping1.py
@@ -91,6 +91,11 @@ def is_reachable(ip, timeout=1):
 start_obj = ipaddress.ip_address(start_ip)
 end_obj = ipaddress.ip_address(end_ip)
+# 🛡️ Sentinel: Validate IP versions match to prevent unhandled TypeError
+# Comparing IPv4 and IPv6 addresses raises a TypeError which crashes the script.
+if start_obj.version != end_obj.version:
+raise ValueError("start_ip and end_ip must be of the same IP version")
+
 if start_obj > end_obj:
 raise ValueError("start_ip must be less than or equal to end_ip")
@@ -100,7 +105,7 @@ def is_reachable(ip, timeout=1):
 if total_ips > 256:
 raise ValueError(f"Scan range too large ({total_ips} IPs). Maximum 256 IPs allowed per scan.")
-except ValueError as e:
+except (ValueError, TypeError) as e:
 logging.error(f"Invalid scan range configuration: {e}")
 exit(1)
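Review bot: The two new comment lines above the version check mostly restate the `ValueError` message on the line below them, and the "Sentinel" branding and emoji say nothing about why the check is needed. I would collapse them into one why-comment, `# ipaddress refuses to order IPv4 against IPv6 (TypeError); reject mixed versions before the comparison below`, and record the same-version precondition on `start_ip`/`end_ip` in the docstring of whatever owns these values, since the `try:` this raise sits in starts before the hunk. Placing the guard ahead of `start_obj > end_obj` and after both `ip_address()` calls is the right order, as both parses must succeed before `.version` is meaningful.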
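Review bot: With the version check added in the first hunk, `start_obj > end_obj` can no longer raise `TypeError`, so the widened `except (ValueError, TypeError) as e:` on the new line now appears to catch only genuine programming errors (a `None` or wrongly typed value reaching the arithmetic that produces `total_ips`, which is computed between the two hunks) and reports them as an invalid scan range, discarding the traceback that would identify the bug. Either keep the clause as `except ValueError as e:` and let a `TypeError` surface, or keep the wider clause but replace the log line with `logging.exception("Invalid scan range configuration: %s", e)` so the traceback is retained for triage. The `try:` this clause belongs to starts outside the hunk, so I cannot tell from here whether any other statement inside it can raise `TypeError` on user input.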