Jump to content

Talk:IP address blocking

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
(Redirected from Talk:IP blocking)

What about ip blocking as in software

Is that legal? ugen64 21:14, Feb 24, 2004 (UTC)
Never mind... ugen64 21:14, Feb 24, 2004 (UTC)

Evasion/Effectiveness of IP Blocking

[edit]

What about methods of evading an IP ban, and it's effectiveness? For example I believe some people's ISP assigns them a different IP address quite often, as mine seems to. I also heard that a proxy can be used to evade an IP ban, though I barely know what this means.

Yeah, banning a single IP isn't all that effective. Most people have dynamic IPs which change frequently, and can be changed in a few minutes with minimal know-how. Banning an IP range will keep out unwanted people for longer, since you're essentially blocking every possible IP in that user's pool of IPs, but you will also block any innocent people sharing that pool. Because of this, I would disagree that an IP ban is "effective" as stated in the article. I actually came to this article to see if any better alternatives were listed in a criticism section. --64.180.201.204 (talk) 04:02, 26 April 2008 (UTC)[reply]

A Detailed Response

[edit]

Preface - please let me know if you think the following should be included in the article page for IP blocking. I can provide numerous written texts, both in book from and from the annals of the IEEE that detail the original structure of the Internet and how it has evolved into what it is today.

Thanks! Dr1819 19:47, 10 June 2006 (UTC)[reply]

As a networking security consultant, and member of IEEE, I strongly oppose IP address banning for several key reasons:

1. It's duck-hunting with nuclear weapons, targeting numerous innocent users. Banning even one IP address can hurt tens, hundreds, even thousands of legitimate users, depending upon how many users reside behind that address. "Just one" you say? Think again! In fact, most users of the Internet no longer have static IP addresses. Static IP addresses have been relegated to content providers, and even that is began changing several years ago with the introduction of dynamic DNS. Back on the client side, many corporations, including quite a few Internet Service Providers, have switched from proxies to NATs because of greater security of NATs, and the significantly lower costs of managing users' IP address.

2. Banning ranges of IP address in an attempt to "smother" an elusive user simply multiplies these consequences. For example, I know of one ISP that uses just four Class C IP addresses in it's Internet presentation, yet has more than 15,000 subscribers behind it's NAT implementation. Users can appear to be any one of the four when they start their systems. Banning the entire class C range would ban, at a minimum, slightly more than 65,000 users, and can potentially number in the millions, depending upon who's behind what level of NAT devices.

3. It does nothing to deter networking-savvy users, as IP addresses are far to easily spoofed. I often demonstrate this to my clients by re-registering and posting new content after being "test-banned," and without using a proxy.

4. Proxies can work around the problem, but can also be detected. While detecting and eliminating proxies isn't difficult, it's impossible to detect and elminate a NAT-based firewall, which can be configured to look like any machine, even those from a completely different device or manufacturer, including it's MAC address. Since Internet firewall software is a very good thing (keeps hackers and hijackers at bay), requiring users to turn it off so that the server can ping the user (or user other less well known but highly effective tools to make a more positive ID of the network interface card) is, by comparison, a very bad thing. Going that route promotes a very unsafe Internet, and should be avoided at all costs.

5. DHCP, or Dynamic Host Control Protocol, is used to provide IP addresses to most cable and DSL modem users. Put simply, users are assigned a new IP address each time they connect their computer (or router) to the Internet. Getting a new IP address is a simply matter of turning off your equipment long enough for your previous IP address to be assigned to someone else. One problem with IP address banning is that the new user who inherets the banned IP address won't be able to use Wiki!

Thus, IP address banning is extremely dated and has not been a valid approach since static IP addresses headed out the window when [RFC 1531] was published in 1993. Given the current organization and structure of the Internet, including the fact that most users no longer have static IP addresses, IP address banning is has become highly injurious to the Internet community as a whole, inadvertantly targeting large numbers of innocent users, which causes serious consternation and discontent among the innocent. Websites who continue to employ this very outdated control cause significant harm to the Internet community. In summary, it should never be a policy of any website catering to large numbers of users.

Fortunately, there are several alternatives to IP address banning, including content comparison software. Most users are fairly well-behaved, and troublemakers make up a small percent. It's not a difficult task to install a software that compares content from recently banned members with that posted by new members, particularly those that begin posting on the same pages. While it shouldn't be used alone as a criteria for banning, it can help support a decision based upon how well the two match with respect to the general vocabulary used, the grammer, and even the style of writing. A good rule of thumb to limit what's considered a "positive ID" to the worst few percent, and deal with the rest using the following guidelines:

The most effective way to keep things civil is to enforce standards with grace, primarily by example, particularly by the admins. If admins are grossly violating the rules in their attempts to corral a rogue user, perhaps their approach is flawed. It's always good policy to work with the users, helping those who're wayward to learn more about what's acceptable and what's not, not only with what's considered good content, but also with sound practices for debating content. Using buttoms to automate some of the reminders and "lesson's learned" can greatly ease this task. Online content software can, and should continue to be developed that will force the user to read pertinant guidelines, and even take a short 3 to 5 question test before their posting privaleges are restored. The good news is that everything except the initial assessment of someone's post can be automated by the software.

One final comment is that online content that require users to log in before posting experience a significantly lower rate of problems, on average, than those which allow anonymous posting. Dr1819 19:47, 10 June 2006 (UTC) Updated Dr1819 -- The present entry only discusses the use by web sites to block incoming communications from certain IP addresses. It ignores the wide-spread use by individuals for blocking their IP addresses so web sites cannot determine who is reading or downloading from the site. Some people do this for unlawful purposes, or to post defamatory, obscene or threatening messages without being identifiable. Others may do it for quite reasonable purposes. For example, some companies may collect static IP addresses and add the person to an email list for announcing new products.[reply]

It would be good for someone to add this information to the Wikipedia posting on IP blocking. David Simon

I wanted to know that how to know password through ip Azatrum idiaz (talk) 06:51, 13 October 2016 (UTC)[reply]

[edit]

Old paragraph:

It is also used for censorship. One example is the July 2003 decision by techfocus.org to ban the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA) from its website for various abuses by those two organisations of the content on it. [1]

I removed the reference at the end as it now provides a 404 error. Anyone have a replacement? Trigguh (talk) 14:15, 13 March 2008 (UTC)[reply]

Howard5Dirk41

[edit]

Who the hell is he and why is it important listing him? carocat (talk) 11:18, 31 May 2008 (UTC)[reply]


It's not important, so I removed it. Google only returns results local to that site, and it is therefore in no way famous. —Preceding unsigned comment added by 98.221.236.202 (talk) 20:51, 5 June 2008 (UTC)[reply]

Content

[edit]

Why is my content being removed? All I said was "In further news, IP addresses are assigned differently to each computer. This allows one person to be banned from a forum and another friend to sign on their computer with their account from their house and not get banned."

Which didn't use any foul language or direct insults at other members who are moderators or admins. I was stating true information. (RuckusJorgee (talk) 17:18, 13 February 2012 (UTC))[reply]

See User_talk:Mmovchin#About_Last_Edit.--mmovchin Talk 17:21, 13 February 2012 (UTC)[reply]