IP address blocking

Last updated

IP address blocking or IP banning is a configuration of a network service that blocks requests from hosts with certain IP addresses. IP address blocking is commonly used to protect against brute force attacks and to prevent access by a disruptive address. It can also be used to restrict access to or from a particular geographic area; for example, syndicating content to a specific region through the use of Internet geolocation. [1]

Contents

IP address blocking can be implemented with a hosts file (e.g., for Mac, Windows, Android, or OS X) or with a TCP wrapper (for Unix-like operating systems). It can be bypassed using methods such as proxy servers; however, this can be circumvented with DHCP lease renewal.

How it works

Every device connected to the Internet is assigned a unique IP address, which is needed to enable devices to communicate with each other. With appropriate software on the host website, the IP address of visitors to the site can be logged and can also be used to determine the visitor's geographical location. [2] [3]

Logging the IP address can, for example, monitor if a person has visited the site before, for example, to vote more than once, as well as to monitor their viewing pattern, how long since they performed any activity on the site (and set a time out limit), besides other things.

Knowing the visitor's geolocation indicates, besides other things, the visitor's country. In some cases, requests from or responses to a certain country would be blocked entirely. Geo-blocking has been used, for example, to block shows in certain countries, such as censoring shows deemed inappropriate. This is especially frequent in places such as China. [4] [5]

Internet users may circumvent geo-blocking and censorship and protect their personal identity using a Virtual Private Network. [4]

On a website, an IP address block can prevent a disruptive address from access, though a warning and/or account block may be used first. Dynamic allocation of IP addresses by ISPs can complicate IP address blocking by making it difficult to block a specific user without blocking many IP addresses (blocks of IP address ranges), thereby creating collateral damage. [6] For websites with low-enough popularity (often intentionally, with explicitly declaring the majority of potential visitors as out-of-scope) the large-scale collateral damage is often tolerable: most of website accesses, for addresses belong to the same IP range, are accesses of persons just having a dynamic IP address, but the same Internet service provider (ISP), country, city and city districts, based on which IP ranges are assigned by ISPs. On websites with low-enough total visitor count, it is improbable that all these features match more than a single person. For large websites, Terms of Services usually reserve the right of their admins to block access at own discretion, enabling them to create collateral damage this way.

Implementations

Unix-like operating systems commonly implement IP address blocking using a TCP wrapper, configured by host access control files /etc/hosts.deny and /etc/hosts.allow.

Both companies and schools offering remote user access use Linux programs such as DenyHosts or Fail2ban for protection from unauthorized access while allowing permitted remote access. This is also useful for allowing remote access to computers. It is also used for Internet censorship.

IP address blocking is possible on many systems using a hosts file, which is a simple text file containing hostnames and IP addresses. Hosts files are used by many operating systems, including Microsoft Windows, Linux, Android, and OS X.

Circumvention

A letter from the Russian Federal Security Service (FSB) about IP blocking of ProtonMail FSB to MTS Letter about Protonmail IP Blocking 12 T 3 1-94 2019-02-25 (page 1).jpg
A letter from the Russian Federal Security Service (FSB) about IP blocking of ProtonMail

Proxy servers and other methods[ which? ] can be used to bypass the blocking of traffic from IP addresses. [7] However, anti-proxy strategies are available. Consumer-grade internet routers can sometimes obtain a new public IP address on-demand from the ISP using DHCP lease renewal to circumvent individual IP address blocks. This, however, can be countered by blocking the range of IP addresses from which the internet service provider is assigning new IP addresses, which is usually a shared IP address prefix. However, this may impact legitimate users from the same internet service provider who have IP addresses in the same range, which inadvertently creates a denial-of-service attack.

In the case Craigslist v. 3Taps (2013), US federal judge Charles R. Breyer held that circumventing an address block to access a website is a violation of the Computer Fraud and Abuse Act for "unauthorized access", and is thus punishable by civil damages.

See also

Related Research Articles

An Internet filter is software that restricts or controls the content an Internet user is capable to access, especially when utilized to restrict material delivered over the Internet via the Web, Email, or other means. Content-control software determines what content will be available or be blocked.

An Internet Protocol address is a numerical label such as 192.0.2.1 that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface identification, and location addressing.

<span class="mw-page-title-main">Proxy server</span> Computer server that makes and receives requests on behalf of a user

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process.

In Internet networking, a private network is a computer network that uses a private address space of IP addresses. These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments. Both the IPv4 and the IPv6 specifications define private IP address ranges.

In computing, Internet geolocation is software capable of deducing the geographic position of a device connected to the Internet. For example, the device's IP address can be used to determine the country, city, or ZIP code, determining its geographical location. Other methods include examination of Wi-Fi hotspots, a MAC address, image metadata, or credit card information.

<span class="mw-page-title-main">Freegate</span>

Freegate is a software application developed by Dynamic Internet Technology (DIT) that enables internet users to view websites blocked by their governments. The program takes advantage of a range of proxy servers called Dynaweb. This allows users to bypass Internet firewalls that block web sites by using DIT's Peer-to-peer (P2P)-like proxy network system. FreeGate's anti-censorship capability is further enhanced by a new, unique encryption and compression algorithm in the versions of 6.33 and above. Dynamic Internet Technology estimates Freegate had 200,000 users in 2004. The maintainer and CEO of DIT is Bill Xia.

<span class="mw-page-title-main">Internet censorship</span> Legal control of the internet

Internet censorship is the legal control or suppression of what can be accessed, published, or viewed on the Internet. Censorship is most often applied to specific internet domains but exceptionally may extend to all Internet resources located outside the jurisdiction of the censoring state. Internet censorship may also put restrictions on what information can be made internet accessible. Organizations providing internet access – such as schools and libraries – may choose to preclude access to material that they consider undesirable, offensive, age-inappropriate or even illegal, and regard this as ethical behavior rather than censorship. Individuals and organizations may engage in self-censorship of material they publish, for moral, religious, or business reasons, to conform to societal norms, political views, due to intimidation, or out of fear of legal or other consequences.

Most Internet censorship in Thailand prior to the September 2006 military coup d'état was focused on blocking pornographic websites. The following years have seen a constant stream of sometimes violent protests, regional unrest, emergency decrees, a new cybercrimes law, and an updated Internal Security Act. Year by year Internet censorship has grown, with its focus shifting to lèse majesté, national security, and political issues. By 2010, estimates put the number of websites blocked at over 110,000. In December 2011, a dedicated government operation, the Cyber Security Operation Center, was opened. Between its opening and March 2014, the Center told ISPs to block 22,599 URLs.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

<span class="mw-page-title-main">Internet Watch Foundation and Wikipedia</span> Blacklist of Wikipedia in the UK

On 5 December 2008, the Internet Watch Foundation (IWF), a British watchdog group, blacklisted content on the English Wikipedia related to Scorpions' 1976 studio album Virgin Killer, due to the presence of its controversial cover artwork, depicting a young girl posing nude, with a faux shattered-glass effect obscuring her genitalia. The image was deemed to be "potentially illegal content" under English law which forbids the possession or creation of indecent photographs of children. The IWF's blacklist are used in web filtering systems such as Cleanfeed.

<span class="mw-page-title-main">Ultrasurf</span>

UltraSurf is a freeware Internet censorship circumvention product created by UltraReach Internet Corporation. The software bypasses Internet censorship and firewalls using an HTTP proxy server, and employs encryption protocols for privacy.

Internet censorship circumvention, also referred to as going over the wall or scientific browsing in China, is the use of various methods and tools to bypass internet censorship.

<span class="mw-page-title-main">VPN blocking</span>

VPN blocking is a technique used to block the encrypted protocol tunneling communications methods used by virtual private network (VPN) systems. Often used by large organizations such as national governments or corporations, it can act as a tool for computer security or Internet censorship by preventing the use of VPNs to bypass network firewall systems.

<span class="mw-page-title-main">PirateBrowser</span> Tor Browser-based circumvention tool prepared by The Pirate Bay

PirateBrowser is an Internet browser by The Pirate Bay used to circumvent Internet censorship.

The precise number of websites blocked in the United Kingdom is unknown. Blocking techniques vary from one Internet service provider (ISP) to another with some sites or specific URLs blocked by some ISPs and not others. Websites and services are blocked using a combination of data feeds from private content-control technology companies, government agencies, NGOs, court orders in conjunction with the service administrators who may or may not have the power to unblock, additionally block, appeal or recategorise blocked content.

The child abuse image content list is a list of URLs and image hashes provided by the Internet Watch Foundation to its partners to enable the blocking of child pornography & criminally obscene adult content in the UK and by major international technology companies.

Geo-blocking, geoblocking or geolocking is technology that restricts access to Internet content based upon the user's geographical location. In a geo-blocking scheme, the user's location is determined using Internet geolocation techniques, such as checking the user's IP address against a blacklist or whitelist, GPS queries in the case of a mobile device, accounts, and measuring the end-to-end delay of a network connection to estimate the physical location of the user. The result of this check is used to determine whether the system will approve or deny access to the website or to particular content. The geolocation may also be used to modify the content provided, for example, the currency in which goods are quoted, the price or the range of goods that are available, besides other aspects.

Internet censorship in Switzerland is regulated by the Federal Supreme Court of Switzerland on a case by case basis. Internet services provided by the registered with BAKOM Internet service providers (ISPs) are subject to a "voluntary recommendation" by the Federal Supreme Court of Switzerland, which requires blocking of websites just after 18 December 2007. As of October 2015, this might change soon and additional topics like Online gambling are on the focus now.

<span class="mw-page-title-main">Domain fronting</span> Technique for Internet censorship circumvention

Domain fronting is a technique for Internet censorship circumvention that uses different domain names in different communication layers of an HTTPS connection to discreetly connect to a different target domain than is discernable to third parties monitoring the requests and connections.

<span class="mw-page-title-main">Snowflake (software)</span> Anti-censorship software

Snowflake is a software package for assisting others in circumventing internet censorship by relaying data requests. Snowflake relay nodes are meant to be created by people in countries where Tor and Snowflake are not blocked. People under censorship then use a Snowflake client, packaged with the Tor Browser or Onion Browser, to access the Tor network, using Snowflake relays as proxy servers. Access to the Tor network can in turn give access to other blocked services. A Snowflake node can be created by either installing a browser extension, installing a stand-alone program, or browsing a webpage with an embedded Snowflake relay. The node runs whenever the browser or program is connected to the internet.

References

  1. The John Marshall Journal of Computer & Information Law, Center for Computer/Law, 2003[ page needed ]
  2. "What is an IP address?". HowStuffWorks. 2001-01-12. Retrieved 2019-12-13.
  3. "How cookies track you around the web & how to stop them". Privacy.net. 2018-02-24. Retrieved 2019-12-13.
  4. 1 2 "What Is Geo-Blocking and How to Bypass It". Avast. Archived from the original on 2023-01-03. Retrieved 2021-10-12.
  5. "Media Censorship in China". Council on Foreign Relations. Retrieved 2021-10-12.
  6. Groome, Patrick. "[Community] The Trouble with IP Bans". blog.vanillaforums.com. Archived from the original on 2022-07-13. Retrieved 2021-10-12.
  7. "How to: Circumvent Online Censorship". ssd.eff.org. Archived from the original on 2018-12-23.

Commons-logo.svg Media related to IP address blocking at Wikimedia Commons

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.