IP address blocking: Difference between revisions

Latest revision as of 20:23, 17 June 2022

Screenshot of an IP block message on Wikipedia (in this case, preventing the user from editing)

IP address blocking, or IP banning, is a configuration of a network service that blocks requests from hosts with certain IP addresses.^{[clarification needed]} IP address blocking is commonly used to protect against brute force attacks and to prevent access by a disruptive address. IP address blocking can be used to restrict access to or from a particular geographic area, for example, the syndication of content to a specific region through the use of Internet geolocation and blocking.^[1]

IP address blocking is possible on many systems using a hosts file. Unix-like operating systems commonly implement IP address blocking using a TCP wrapper.

Proxy servers and other methods can be used to bypass the blocking of traffic from IP addresses. However, anti-proxy strategies are available, such as DHCP lease renewal.

How it works[edit]

Screenshot of a dig command, showing a false response from an Iranian DNS server for a request to resolve Persian Wikipedia

Every device connected to the Internet is assigned a unique IP address, which is needed to enable devices to communicate with each other. With appropriate software on the host website, the IP address of visitors to the site can be logged and can also be used to determine the visitor's geographical location.^[2]^[3]

Logging the IP address can, for example, monitor if a person has visited the site before, for example to vote more than once, as well as to monitor their viewing pattern, how long since they performed any activity on the site (and set a time out limit), besides other things.

Knowing the visitor's geo-location indicates, besides other things, the visitor's country. In some cases requests from or responses to a certain country would be blocked entirely. Geo-blocking has been used, for example, to block shows in certain countries. Such as censorship of shows deemed inappropriate especially frequent in places such as China.^[4]^[5]

Internet users may circumvent geo-blocking and censorship and protect personal identity and location to stay anonymous on the internet using a VPN connection.^[4]

On a website, an IP address block can prevent a disruptive address from access, though a warning and/or account block may be used first. Dynamic allocation of IP addresses by ISPs can complicate incoming IP address blocking, rendering it difficult to block a specific user without blocking many IP addresses (blocks of IP address ranges), thereby creating collateral damage.^[6]

Implementations[edit]

Unix-like operating systems commonly implement IP address blocking using a TCP wrapper, configured by host access control files /etc/hosts.deny and /etc/hosts.allow.

Both companies and schools offering remote user access use Linux programs such as DenyHosts or Fail2ban for protection from unauthorised access while allowing permitted remote access. This is also useful for allowing remote access to computers. It is also used for Internet censorship.

IP address blocking is possible on many systems using a hosts file, which is a simple text file containing hostnames and IP addresses. Hosts files are used by many operating systems, including Microsoft Windows, Linux, Android, and OS X.

Circumvention[edit]

A letter from the Russian Federal Security Service (FSB) about IP blocking of ProtonMail^[relevant?]

Proxy servers and other methods can be used to bypass the blocking of traffic from IP addresses.^[7] However, anti-proxy strategies are available. Consumer-grade internet routers can sometimes obtain a new public IP address on demand from the internet service provider using DHCP lease renewal to circumvent individual IP address blocks, but this can be countered by blocking the range of IP addresses from which the internet service provider is assigning new IP addresses, which is usually a shared IP address prefix. However, this may impact legitimate users from the same internet service provider who have IP addresses in the same range, which inadvertently creates a denial-of-service attack.

In a 2013 United States court ruling in the case Craigslist v. 3Taps, US federal judge Charles R. Breyer held that circumventing an address block to access a website is a violation of the Computer Fraud and Abuse Act (CFAA) for "unauthorized access", punishable by civil damages.

References[edit]

↑ The John Marshall Journal of Computer & Information Law, Center for Computer/Law, 2003
↑ "What is an IP address?". HowStuffWorks. 2001-01-12. Retrieved 2019-12-13.
↑ "How cookies track you around the web & how to stop them". Privacy.net. 2018-02-24. Retrieved 2019-12-13.
↑ ^4.0 ^4.1 "What Is Geo-Blocking and How to Bypass It". What Is Geo-Blocking and How to Bypass It. Retrieved 2021-10-12.
↑ "Media Censorship in China". Council on Foreign Relations. Retrieved 2021-10-12.
↑ Groome, Patrick. "[Community] The Trouble with IP Bans". blog.vanillaforums.com. Retrieved 2021-10-12.
↑ "How to: Circumvent Online Censorship". ssd.eff.org. Archived from the original on 2018-12-23.

External links[edit]

[1] The John Marshall Journal of Computer & Information Law, Center for Computer/Law, 2003

[2] "What is an IP address?". HowStuffWorks. 2001-01-12. Retrieved 2019-12-13.

[3] "How cookies track you around the web & how to stop them". Privacy.net. 2018-02-24. Retrieved 2019-12-13.

[:0-4] 4.0 ^4.1 "What Is Geo-Blocking and How to Bypass It". What Is Geo-Blocking and How to Bypass It. Retrieved 2021-10-12.

[5] "Media Censorship in China". Council on Foreign Relations. Retrieved 2021-10-12.

[6] Groome, Patrick. "[Community] The Trouble with IP Bans". blog.vanillaforums.com. Retrieved 2021-10-12.

[7] "How to: Circumvent Online Censorship". ssd.eff.org. Archived from the original on 2018-12-23.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

@@ Line 1: / Line 1: @@
-{{Short description|Access restrictions based on client IP addresses}}
+{{Short description|Access restrictions based on source IP address}}{{Technical|date=January 2022}}
-'''IP address blocking''', or '''an IP ban''', is a configuration of a [[network service]] that blocks requests from [[Host (network)|hosts]] with certain [[IP address]]es. IP address blocking is commonly used to protect against [[brute force attack]]s and to prevent access by a disruptive address.
+[[File:Wikipedia IP block message.png|thumb|250x250px|Screenshot of an IP block message on [[Wikipedia]] (in this case, preventing the user from editing)]]
+'''IP address blocking''', or '''IP banning''', is a configuration of a [[network service]] that blocks requests from [[Host (network)|hosts]] with certain [[IP address]]es.{{Clarify|reason=give an understandable-to-laypeople definition please|date=January 2022}} IP address blocking is commonly used to protect against [[brute force attack]]s and to prevent access by a disruptive address. IP address blocking can be used to restrict access to or from a particular geographic area, for example, the syndication of content to a specific region through the use of [[Internet geolocation]] and blocking.<ref>{{citation|title=The John Marshall Journal of Computer & Information Law|url=https://books.google.com/books?id=jlcuAQAAIAAJ|year=2003|publisher=Center for Computer/Law}}</ref>
-IP address blocking can be used to restrict access to or from a particular geographic area, for example, the syndication of content to a specific region through the use of [[Internet geolocation]] and blocking.<ref>{{citation|title=The John Marshall Journal of Computer & Information Law|url=https://books.google.com/books?id=jlcuAQAAIAAJ|year=2003|publisher=Center for Computer/Law}}</ref>
+IP address blocking is possible on many systems using a [[Hosts (file)#Blocking|hosts file]]. [[Unix-like]] operating systems commonly implement IP address blocking using a [[TCP wrapper]].
+[[Proxy server]]s and other methods can be used to bypass the blocking of traffic from IP addresses. However, anti-proxy strategies are available, such as [[DHCP lease]] renewal.
+==How it works==
+[[File:Netblocks Wikipedia Blocked in Iran 202003.png|thumb|Screenshot of a [[Dig (command)|dig command]], showing a false response from an Iranian DNS server for a request to resolve [[Persian Wikipedia]]]]
+Every device connected to the Internet is assigned a unique [[IP address]], which is needed to enable devices to communicate with each other. With appropriate software on the host website, the IP address of visitors to the site can be logged and can also be used to determine the visitor's [[geolocation|geographical location]].<ref>{{Cite web |url=https://computer.howstuffworks.com/internet/basics/what-is-an-ip-address.htm |title=What is an IP address?|date=2001-01-12|website=HowStuffWorks|language=en|access-date=2019-12-13}}</ref><ref>{{Cite web|url=https://privacy.net/stop-cookies-tracking/ |title=How cookies track you around the web & how to stop them|date=2018-02-24| website=Privacy.net|language=en|access-date=2019-12-13}}</ref>
+Logging the IP address can, for example, monitor if a person has visited the site before, for example to vote more than once, as well as to monitor their viewing pattern, how long since they performed any activity on the site (and set a time out limit), besides other things.
+Knowing the visitor's [[geo-location]] indicates, besides other things, the visitor's country. In some cases requests from or responses to a certain country would be blocked entirely. [[Geo-blocking]] has been used, for example, to block shows in certain countries. Such as [[censorship]] of shows deemed inappropriate especially frequent in places such as [[Censorship in China|China]].<ref name=":0">{{Cite web|title=What Is Geo-Blocking and How to Bypass It|url=https://www.avast.com/c-geoblocking|access-date=2021-10-12|website=What Is Geo-Blocking and How to Bypass It|language=en}}</ref><ref>{{Cite web|title=Media Censorship in China|url=https://www.cfr.org/backgrounder/media-censorship-china|access-date=2021-10-12|website=Council on Foreign Relations|language=en}}</ref>
+Internet users may circumvent [[geo-blocking]] and censorship and protect personal identity and location to stay anonymous on the internet using a [[Virtual Private Network|VPN]] connection.<ref name=":0" />
+On a website, an IP address block can prevent a disruptive address from access, though a warning and/or account block may be used first. Dynamic allocation of IP addresses by [[ISP]]s can complicate incoming IP address blocking, rendering it difficult to block a specific user without blocking many IP addresses (blocks of IP address ranges), thereby creating collateral damage.<ref>{{Cite web|last=Groome|first=Patrick|title=[Community] The Trouble with IP Bans|url=https://blog.vanillaforums.com/product/the-trouble-with-ip-bans|access-date=2021-10-12|website=blog.vanillaforums.com|language=en-us}}</ref>
+==Implementations==
+[[Unix-like]] operating systems commonly implement IP address blocking using a [[TCP wrapper]], configured by host access control files ''/etc/hosts.deny'' and ''/etc/hosts.allow''.
+Both companies and schools offering remote user access use [[Linux]] programs such as [[DenyHosts]] or [[Fail2ban]] for protection from unauthorised access while allowing permitted remote access. This is also useful for allowing remote access to computers. It is also used for [[Internet censorship]].
+IP address blocking is possible on many systems using a [[Hosts (file)#Blocking|hosts file]], which is a simple text file containing hostnames and IP addresses. Hosts files are used by many operating systems, including Microsoft Windows, Linux, Android, and OS X.
+==Circumvention==
+[[File:FSB to MTS Letter about Protonmail IP Blocking 12 T 3 1-94 2019-02-25 (page 1).jpg|thumb|A letter from the Russian [[Federal Security Service]] (FSB) about IP blocking of [[ProtonMail]]{{Relevance inline|date=January 2022}}]]
+[[Proxy server]]s and other methods can be used to bypass the blocking of traffic from IP addresses.<ref>{{cite web|title=How to: Circumvent Online Censorship|url=https://ssd.eff.org/en/module/how-circumvent-online-censorship|url-status=dead|archive-url=https://web.archive.org/web/20181223084444/https://ssd.eff.org/en/module/how-circumvent-online-censorship|archive-date=2018-12-23|website=ssd.eff.org}}</ref> However, anti-proxy strategies are available. Consumer-grade internet routers can sometimes obtain a new public IP address on demand from the [[internet service provider]] using [[DHCP lease]] renewal to circumvent individual IP address blocks, but this can be countered by blocking the range of IP addresses from which the internet service provider is assigning new IP addresses, which is usually a shared [[IP address prefix]]. However, this may impact legitimate users from the same internet service provider who have IP addresses in the same range, which inadvertently creates a [[denial-of-service attack]].
+In a 2013 United States court ruling in the case ''[[Craigslist v. 3Taps]]'', US federal judge [[Charles R. Breyer]] held that circumventing an address block to access a website is a violation of the [[Computer Fraud and Abuse Act]] (CFAA) for "unauthorized access", punishable by [[civil damages]].
+==See also==
+*[[Block (Internet)]]
+*[[Content-control software]]
+==References==
+{{reflist}}
+==External links==
+{{commons category-inline|IP address blocking}}
+{{DEFAULTSORT:Ip Blocking}}
+[[Category:Internet security]]
+[[Category:Blacklisting]]