IP Address Blocking
Purpose, Bypassing, & Pros and Cons
IP address blocking, also called IP banning, is the practice of configuring a network to refuse requests sent from specific IP addresses. IP addresses are blocked for multiple reasons, including to enforce standards for online behavior (e.g., a school restricting its students from accessing certain websites), protect networks against attacks, and censor access to information.
All devices connected to the Internet have unique IP addresses. Networks can log the IP addresses of any device from which their data is requested, enabling them to determine if the two have previously interacted, and, if so, when. This ability is used as part of a network’s “firewall” (security system) to deny access to addresses that have either been marked as undesirable or which show concerning patterns. For example, a firewall might notice that the user of an IP address is continuously failing to input the correct login information for its network—a telltale sign of a brute force hacking attempt—and temporarily deny that address additional opportunities for access.
An additional layer of network security is offered to UNIX-type operating systems by Transmission Control Protocol (TCP) wrappers. TCP wrappers are programs that check incoming traffic against host access or access control lists. The first list is in a file named /etc/hosts.allow and includes every IP address or host server authorized for access, while the second, /etc/hosts.deny, is a blacklist. Network services which protect themselves with TCP wrappers are described as “wrapped.” The benefit of TCP wrappers is that they can protect their systems against “spoofing” (falsification) by verifying the names and addresses of new visitors through forward- and reverse-DNS lookups. However, TCP wrappers do not offer data encryption or cryptographic authentication, and most cybersecurity experts believe that they should be used in addition to firewalls rather than as replacements.
Another common criterion of IP banning is the geographic origin of the address being checked. Firewalls can find out this information via Internet geolocation, wherein a lookup tool canvasses public databases to find out where IP addresses are registered. There are legitimate uses for blocking IP addresses on the basis of their owners’ locations—for example, media-streaming services like Netflix use geolocation to prevent customers in one region from accessing content that is only legally available in another—but the practice can also be unfairly discriminatory.
Precisely blocking IP addresses has its challenges. For example, the devices of guests at hotels are dynamically assigned IP addresses, which are then reused. Proxy servers, virtual private networks, anti-detect browsers, and The Onion Router (Tor) all disguise their users’ IP addresses. Many bad actors now use malware to control other computers—and use their IP addresses—without their owners’ knowledge. Users are also well within their rights to obtain a new IP address from their Internet service providers during the process of their DHCP lease renewals. Sometimes, the simple act of restarting one’s router or modem is enough to circumvent a ban, as the network will then assign that device a new address.
Various solutions to these problems exist. If multiple unwanted IP addresses share an IP address prefix, the prefix itself can simply be blocked, albeit at the risk of denying service to innocent users who share it. Many VPN services own a limited number of IP addresses that their subscribers share, so networks can block them by banning IP addresses that are used by multiple users. Proxy servers can be used defensively. Since firewalls are generally sold as products by cybersecurity companies, they are constantly being strengthened with new updates to counter whatever workarounds arise.
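The prefix-blocking trade-off described above can be made concrete with a short added example (not part of the original article). It groups offending addresses by prefix, blocks a whole prefix once enough offenders share it, and lists the known clients that would be denied as a side effect. The addresses are constructed samples from documentation ranges, and the function names, the /24 prefix length and the threshold of three are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, not real hosts).
OFFENDERS = ["203.0.113.5", "203.0.113.77", "203.0.113.200", "198.51.100.9"]
LEGIT_CLIENTS = ["203.0.113.42", "198.51.100.10", "192.0.2.15"]

def plan_blocks(offenders, prefix_len=24, threshold=3):
    """Group offending IPv4 addresses by prefix. A prefix holding at least
    `threshold` distinct offenders is blocked whole; the remaining
    offenders are blocked as single-host entries."""
    groups = defaultdict(set)
    for addr in offenders:
        ip = ipaddress.ip_address(addr)
        # strict=False masks off the host bits to get the covering network.
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[net].add(ip)
    blocks = []
    for net, ips in groups.items():
        if len(ips) >= threshold:
            blocks.append(net)  # one rule covers every address in the prefix
        else:
            blocks.extend(ipaddress.ip_network(str(ip)) for ip in ips)
    return sorted(blocks, key=lambda n: (int(n.network_address), n.prefixlen))

def is_blocked(addr, blocks):
    """True if the address falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocks)

def collateral(blocks, offenders, known_clients):
    """Known clients that never misbehaved but sit inside a blocked prefix."""
    bad = set(offenders)
    return [c for c in known_clients if c not in bad and is_blocked(c, blocks)]

if __name__ == "__main__":
    blocks = plan_blocks(OFFENDERS)
    for net in blocks:
        print("block", net)
    print("collateral:", collateral(blocks, OFFENDERS, LEGIT_CLIENTS))
```

Raising the threshold or lengthening the prefix reduces collateral blocking at the cost of more individual rules.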
Many governments have also buttressed the integrity of IP bans by making their circumvention a criminal or civil offense. Repressive governments that use IP bans to stop their citizens from accessing outside information are obvious examples, but even in the United States, bypassing an IP ban was once considered an offense under the Computer Fraud and Abuse Act.