Co-authored by Peter Tobey, Director of Marketing and Communications at IPv4.Global and Leo Vegoda.
A network can fence off its own IP addresses or block access to specific external addresses. Administrators frequently block access to their own IP addresses to prevent unwanted access to content. Individual IP addresses or blocks of IP addresses can also be blocked due to unwanted or malicious behavior.
Blocking specific IP addresses
IP address blocking prevents a specific IP address or group of IP addresses from connecting to a server, computer, or application. In general, IP addresses are blocked to prevent unwanted or harmful sites or servers from connecting to an organization’s network or an individual’s computer.
Alternatively, all external access can be blocked. For example, a rule can block anyone on the internet from reaching an organization’s accounting server.
Block an organization’s IPs
IP addresses inside an organization’s system can also be blocked. For example, a hospital can block internal IP addresses to keep confidential data away from network users who should not have access to this information.
An outgoing block is sometimes also required. For example, an accounting server, infected with a bot, can be prevented from trying to reach an order server.
Difficulties with IP blocking
Blocking IP addresses becomes problematic when a person or a company wishes to block an address that is part of a group. When you want to block a specific IP address, the entire group of IP addresses it belongs to must also be blocked.
A good example is the country of Nigeria. Since many scams on the Internet come from Nigerian IP addresses, many, sometimes all, Nigerian IP addresses are blocked. Thus, Nigerian legal businesses and Internet users have suffered from the mass blocking of IP addresses.
Common Reasons for Blocking IP Addresses
Scams are a common reason for IP address blocks, but there are countless other reasons to block an IP address or group.
- Hackers: The goal of most hackers is to gain access to proprietary information (trade secrets) or confidential data (employee health and payroll, or accounting records). If they access it, valuable information could be compromised, credit card information stolen, or a ransomware attack could shut down a business.
- Bots: These usually infect personal computers and use them to amplify attacks elsewhere. For example, they regularly send spam or try to guess passwords, etc.
- Confidential data: Sensitive information deserves special attention. For example, for general security, a corporate network administrator can block all PCs used by accounting. To do this systematically, these workstations are assigned IP addresses between 10.100.11.0 and 10.100.11.255. The administrators then block access to any other address.
- Mail server spam: Spammers often send from the same IP address repeatedly. To block these (sometimes dangerous) nuisances, their source IPs are logged and blocked. There are Reputation Block Lists (RBLs) such as Spamhaus and SORBS that perform this function. They collect spam reports from many different mail servers and list IP addresses that have been reported as sending spam. Many mail server operators block all addresses on these lists.
- Viruses: On a well-secured corporate network, before an individual user is logged in and granted access, antivirus software scans the PC for the latest viruses. If infected, it can be quarantined on a private subnet that has been blocked from the rest of the network. Once isolated, it can be patched and the virus removed.
- Access restriction: It is common for schools and businesses to block sites that they deem distracting, inappropriate, or harmful to student or employee productivity. This type of blocking is usually done by name, using a service that categorizes sites, but some firewall administrators manually block specific IP addresses.
- Criminal activity: If an IP address has a history of illegal activity, such as illegal trading or dark web activity, many servers will block that IP address.
- Extensions: Web browsers can be enhanced with additional software, called extensions, which perform various tasks. Ad blockers are among the most common. Publishers that rely on advertising can block users (by IP address) who run ad blockers. This may apply to other extensions.
- Throttling: Throttling consists of limiting the bandwidth available to an IP address. It can slow down a website or app for the affected users. Sometimes companies use this technique to manage network bandwidth, preventing a single user from using all available capacity. For example, a video streaming service may limit all IP addresses to standard high definition (HD) video instead of 4K on the night of a major video release so that its servers can cope with the increased demand that night.
How are IP addresses blocked?
Software known as a firewall blocks access based on IP addresses. These applications examine the source and destination IP addresses in every data packet on a network and compare each to its list of blocked addresses. If the packet matches an IP address in the list, it simply drops the packet.
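The matching step described above, as an added Python sketch (not code from the original article or from any firewall product). The rule set and packets are constructed samples using documentation address ranges, plus the accounting range mentioned earlier; it also shows how listing a whole block drops an unrelated neighbour.

```python
import ipaddress

def range_to_networks(first, last):
    """Convert an inclusive address range into the CIDR prefixes that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def build_blocklist(entries):
    """Parse single addresses ('203.0.113.7') and prefixes ('198.51.100.0/24')."""
    return [ipaddress.ip_network(e) for e in entries]

def decide(src, dst, blocklist):
    """Return (action, matched_field, matched_network) for one packet."""
    for field, value in (("src", src), ("dst", dst)):
        addr = ipaddress.ip_address(value)
        for net in blocklist:
            if addr in net:  # always False when the IP versions differ
                return "drop", field, str(net)
    return "forward", None, None

# Constructed rule set: one host, one whole /24, and the accounting range
# 10.100.11.0 to 10.100.11.255 from the text.
BLOCKLIST = (
    build_blocklist(["203.0.113.7", "198.51.100.0/24"])
    + range_to_networks("10.100.11.0", "10.100.11.255")
)

# Constructed sample packets: (source, destination).
PACKETS = [
    ("203.0.113.7", "192.0.2.10"),     # listed single host
    ("203.0.113.8", "192.0.2.10"),     # neighbour of the listed host, not blocked
    ("198.51.100.200", "192.0.2.10"),  # dropped only because its whole /24 is listed
    ("192.0.2.10", "10.100.11.40"),    # outgoing block: the destination is listed
]

def run(packets=PACKETS, blocklist=BLOCKLIST):
    """Apply the blocklist to every sample packet, in order."""
    return [decide(s, d, blocklist) for s, d in packets]

if __name__ == "__main__":
    for (s, d), result in zip(PACKETS, run()):
        print(f"{s:>15} -> {d:<15} {result}")
```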
For example, if an address receives a lot of spam from a mail server, that server's IP address can be added to a list. Other lists may include IP addresses that allow all inbound communication (vulnerable to exploitation) or IP addresses that have been used for botnet attacks. These collections of identified malicious sources are commonly referred to as reputational blacklists or RBLs. Network or server administrators can decide to block any IP address on certain RBLs.
A similar problem arises with IP addresses that are vulnerable to hacking as open relays or proxies. These are also often included in lists of IP addresses to block.
Being listed on an RBL reduces the value of IPv4 addresses. Although RBLs are not universally implemented, inclusion on one or more results in the blocking of an IP address for those deploying the RBL.
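How a mail server typically consults the RBLs described above, as an added Python example that is not from the original article. It goes beyond the text by using the standard DNS-based lookup convention (reversed address labels queried under the list's zone, answers in 127.0.0.0/8); the zone names, the `FAKE_DNS` data and the `accept_connection` policy are constructed placeholders so the example runs offline.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # listings answer in this range

def dnsbl_query_name(ip, zone):
    """Build the DNS name a client looks up to ask whether `ip` is on `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))           # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Resolve via the OS resolver; a failed lookup is treated as 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_rbls(ip, zones, resolver=system_resolver):
    """Return {zone: answer} for every zone that lists `ip`."""
    hits = {}
    for zone in zones:
        answer = resolver(dnsbl_query_name(ip, zone))
        # Ignore answers outside 127.0.0.0/8, e.g. a resolver that rewrites
        # "no such name" into the address of a search page.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            hits[zone] = answer
    return hits

# Constructed zone data standing in for DNS (placeholder zone names).
ZONES = ["rbl-a.example", "rbl-b.example"]
FAKE_DNS = {
    "99.2.0.192.rbl-a.example": "127.0.0.2",
    "99.2.0.192.rbl-b.example": "127.0.0.4",
    "10.2.0.192.rbl-a.example": "203.0.113.80",  # rewritten answer, not a listing
}

def accept_connection(ip, threshold=1, resolver=FAKE_DNS.get):
    """Hypothetical policy: refuse when `ip` is on at least `threshold` lists."""
    return len(check_rbls(ip, ZONES, resolver)) < threshold

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10"):
        print(ip, check_rbls(ip, ZONES, FAKE_DNS.get), accept_connection(ip))
```

Raising `threshold` above 1 requires agreement between several lists before an address is refused, which limits the effect of a single mistaken listing.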