Hubbry Logo
IP address blockingIP address blockingMain
Open search
IP address blocking
Community hub
IP address blocking
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
IP address blocking
IP address blocking
IP address blocking
View on Wikipedia
from Wikipedia

IP address blocking or IP banning is a configuration of a network service that blocks requests from hosts with certain IP addresses. It is commonly used to protect against brute force attacks and to prevent access by a disruptive address. It can also be used to restrict access to or from a particular geographic area; for example, syndicating content to a specific region through the use of Internet geolocation.

IP address blocking can be implemented with a hosts file (e.g., for Mac, Windows, Android, or OS X) or with a TCP wrapper (for Unix-like operating systems). It can be bypassed using methods such as proxy servers; however, this can be circumvented with DHCP lease renewal.

How it works

[edit]

Every device connected to the Internet is assigned a unique IP address, which is needed to enable devices to communicate with each other.[1] With appropriate software on the host website, the IP address of visitors to the site can be logged and can also be used to determine the visitor's geographical location.[2][3]

Logging the IP address can, for example, monitor if a person has visited the site before, for example, to vote more than once, as well as to monitor their viewing pattern, how long since they performed any activity on the site (and set a time out limit), besides other things.

Knowing the visitor's geolocation indicates, besides other things, the visitor's country. In some cases, requests from or responses to a certain country would be blocked entirely. Geo-blocking has been used, for example, to block shows in certain countries, such as censoring shows deemed inappropriate. This is especially frequent in places such as China.[4][5]

Internet users may circumvent geo-blocking and censorship and protect their personal identity using a Virtual Private Network.[4]

On a website, an IP address block can prevent a disruptive address from access, though a warning and/or account block may be used first. Dynamic allocation of IP addresses by Internet service providers (ISPs) can complicate IP address blocking by making it difficult to block a specific user without blocking many IP addresses (blocks of IP address ranges), thereby creating collateral damage.[6] For websites with low-enough popularity (often intentionally, with explicitly declaring the majority of potential visitors as out-of-scope) the large-scale collateral damage is often tolerable: most of website accesses, for addresses belong to the same IP range, are accesses of persons just having a dynamic IP address, but the same ISP, country, city and city districts, based on which IP ranges are assigned by ISPs. On websites with low-enough total visitor count, it is improbable that all these features match more than a single person. For large websites, Terms of Services usually reserve the right of their admins to block access at own discretion, enabling them to create collateral damage this way.

Implementations

[edit]

Unix-like operating systems commonly implement IP address blocking using a TCP wrapper, configured by host access control files /etc/hosts.deny and /etc/hosts.allow.

Both companies and schools offering remote user access use Linux programs such as DenyHosts or Fail2ban for protection from unauthorized access while allowing permitted remote access. This is also useful for allowing remote access to computers. It is also used for Internet censorship.

IP address blocking is possible on many systems using a hosts file, which is a simple text file containing hostnames and IP addresses. Hosts files are used by many operating systems, including Microsoft Windows, Linux, Android, and OS X.[1]

Circumvention

[edit]
A letter from the Russian Federal Security Service (FSB) about IP blocking of ProtonMail[relevant?]

Proxy servers and VPNs can be used to bypass the blocking of traffic from IP addresses.[7] However, anti-proxy strategies are available. Consumer-grade internet routers can sometimes obtain a new public IP address on-demand from the ISP using DHCP lease renewal to circumvent individual IP address blocks. This, however, can be countered by blocking the range of IP addresses from which the internet service provider is assigning new IP addresses, which is usually a shared IP address prefix. However, this may impact legitimate users from the same internet service provider who have IP addresses in the same range, which inadvertently creates a denial-of-service attack.

In the case Craigslist v. 3Taps (2013), US federal judge Charles R. Breyer held that circumventing an address block to access a website is a violation of the Computer Fraud and Abuse Act for "unauthorized access", and is thus punishable by civil damages.

See also

[edit]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

IP address blocking

View on Grokipedia
from Grokipedia
IP address blocking is a fundamental network management and practice that denies communication between devices or services by filtering traffic based on source or destination (IP) addresses or ranges, often implemented through firewall rules or lists (ACLs) that examine packet headers to enforce deny policies. This technique operates at the network layer, allowing administrators to preemptively block unwanted inbound or outbound connections without deeper payload inspection. Commonly deployed to counter threats such as distributed denial-of-service (DDoS) attacks, unauthorized intrusions, and spam campaigns, IP blocking enables rapid isolation of malicious actors identified via threat intelligence or . In organizational settings, it supports compliance with access policies by restricting connections from untrusted regions or known compromised hosts. Governments and censors, however, leverage it extensively to suppress , directing ISPs to null-route or drop packets to targeted domains, services, or entire IP blocks associated with foreign platforms, as documented in global surveys. Despite its simplicity and low overhead, IP blocking's reliability is undermined by dynamic IP allocation, where user addresses change frequently via DHCP, evading static bans, and by evasion tools like VPNs or proxies that mask origins with permitted IPs. These limitations necessitate layered defenses, such as behavioral analysis or encryption-resistant filtering, highlighting IP blocking's role as a coarse first-line measure rather than a comprehensive solution.

Fundamentals

Definition and Core Principles

IP address blocking refers to the configuration of network devices, such as routers or firewalls, to inspect and discard data packets based on their source or destination (IP) addresses, thereby preventing communication between specified endpoints and the protected network or service. This technique operates primarily at the network layer (Layer 3 of the ), where IP addresses serve as identifiers for devices and hosts in packet-switched networks, allowing for rule-based filtering without regard to higher-layer protocols or content. The method relies on the inherent structure of IP packet headers, which include explicit source and destination address fields, enabling devices to evaluate traffic against predefined lists (ACLs) or equivalent policies before forwarding. Core principles of IP address blocking stem from the stateless or stateful nature of packet inspection in IP networks. In stateless filtering, each packet is evaluated independently against fixed rules—such as denying all traffic from a /24 (e.g., 192.0.2.0/24)—without maintaining connection state, which ensures low computational overhead but risks incomplete blocking of fragmented or multi-packet flows. Stateful variants, conversely, track active sessions (e.g., via connection tuples of source IP, destination IP, ports, and protocols) to enforce bidirectional controls, as implemented in modern firewalls, allowing for more granular denial of established connections while permitting initial handshakes only from whitelisted addresses. These principles exploit the deterministic routing of IP datagrams, where blocking at an ingress point causally interrupts the path from sender to receiver, but efficacy depends on the topological position of the filtering device—edge routers block inbound threats effectively, yet core network blocks may collateralize innocent traffic due to IP address sharing via (NAT). Empirical implementations, such as those in ACLs, demonstrate that matching occurs in hardware-accelerated ternary (TCAM) for high-speed decisions, processing millions of packets per second with minimal latency. Fundamentally, IP blocking embodies a coarse-grained paradigm grounded in endpoint identification rather than behavioral , prioritizing and over precision; for instance, blocking a single (32 bits) or CIDR range targets up to 2^32 endpoints, but dynamic assignment (e.g., via DHCP) introduces temporal variability, necessitating periodic rule updates. This approach aligns with engineering principles of minimal intervention, as outlined in IETF guidelines, avoiding to preserve end-to-end transparency, though it inherently collides with shared addressing realities—over 4 billion mask multiple users behind carriers' pools, leading to overblocking risks documented in operational analyses. In environments, with 128-bit , blocking scales to vast ranges but amplifies collateral effects absent widespread NAT, underscoring the principle that address uniqueness causally enhances isolation but demands precise rule specificity to mitigate false positives.

IP Address Fundamentals Relevant to Blocking

An serves as a unique numerical label assigned to each device connected to a that uses the [Internet Protocol](/page/Internet Protocol) for communication, enabling the routing of data packets to their intended destinations. In the context of blocking, this identifier forms the basis for network-level restrictions, where firewalls or routers inspect packet headers containing source or destination IP addresses and drop matching traffic. The predominant IPv4 protocol employs 32-bit addresses, expressed in dotted-decimal notation (e.g., 192.0.2.1), yielding approximately 4.3 billion unique addresses, a scarcity that has driven widespread adoption of conservation techniques. Its successor, IPv6, utilizes 128-bit addresses in hexadecimal format (e.g., 2001:db8::1), providing about 3.4 × 10^38 possible addresses to accommodate global expansion without address-sharing mechanisms. Blocking under IPv4 often encounters higher collateral effects due to address exhaustion, whereas IPv6's abundance supports direct, one-to-one device addressing, potentially enhancing blocking precision but requiring updated infrastructure. IP addresses can be static, manually configured and unchanging, or dynamic, automatically assigned via protocols like DHCP for periods ranging from minutes to days, leading to frequent changes that undermine long-term blocking efficacy against mobile or residential users. Private IP ranges, defined in RFC 1918 (e.g., 192.168.0.0/16), operate within networks and are non-routable on the public , necessitating translation for external access. Network Address Translation (NAT), commonly implemented in routers, maps multiple private internal IPs to a single public IP, allowing thousands of devices—such as in homes or cellular networks—to share it for outbound traffic. This , including (CGNAT) used by ISPs, means blocking a public IP can inadvertently restrict unrelated users, as evidenced by blocklist contamination from address reuse, where one IP serves diverse endpoints. Consequently, IP blocking targets networks rather than individuals, amplifying overblocking risks in IPv4-dominated environments while mitigates such issues through native end-to-end addressing.

Technical Mechanisms

Operational Implementation

IP address blocking is operationally implemented through rule-based packet filtering mechanisms in network hardware and software, primarily via access control lists (ACLs) configured on firewalls, routers, and switches. These ACLs consist of sequential entries specifying criteria such as source or destination IP addresses, protocols, and ports, with actions to permit or deny matching traffic. Devices evaluate incoming and outgoing packets against the ACL in order, applying the first matching rule and enforcing an implicit deny for any unmatched packets, thereby preventing blocked IPs from establishing connections or traversing the network. In enterprise and ISP environments, firewalls like or products apply ACLs to interfaces, supporting both stateless filtering—where each packet is inspected independently—and stateful inspection, which tracks connection states to block response traffic from permitted initiations involving blacklisted IPs. Cloud providers implement analogous controls; for instance, uses VPC network ACLs to filter traffic at subnet boundaries, while Azure employs IP ACLs for virtual network security groups, each capable of blocking specific IPs or ranges to mitigate risks like denial-of-service attacks. At the host or server level, operating systems provide kernel-integrated tools for IP blocking; distributions utilize or its successor to insert rules into netfilter chains, such as iptables -A INPUT -s 192.0.2.1 -j DROP to silently discard all inbound packets from a designated IP, enabling efficient, low-level enforcement without application involvement. Web servers extend this to application-layer control: versions 2.4 and later use Require not ip directives in .htaccess files or virtual host configurations to reject HTTP requests from specified IPs, while employs similar deny statements in server blocks. Advanced implementations incorporate dynamic feeds for automated blocking; , for example, leverages Security Intelligence to cross-reference IP reputations from threat databases like , instantly applying blocks to IPs associated with or exploits without manual ACL updates. In governmental contexts, directives enforce blocking at scale: on February 25, 2019, Russia's (FSB) instructed Mobile TeleSystems (MTS) to filter ProtonMail's SMTP server IPs at the router level, demonstrating coordinated ISP-level operational deployment to restrict service access.

Variations in Blocking Techniques

IP blocking techniques vary primarily in granularity, implementation level, and dynamism to address different threat models and operational needs. At the most basic level, blocking can target individual IP addresses (equivalent to a /32 CIDR prefix for IPv4), which is suitable for isolating known malicious single sources but inefficient for widespread abuse from shared infrastructure. In contrast, range-based blocking employs (CIDR) notation to deny access to entire subnets, such as 203.0.113.0/24 encompassing 256 addresses, enabling efficient mitigation of botnets or attacks originating from the same ISP allocation without enumerating each endpoint. This approach reduces administrative overhead but risks collateral denial of legitimate users within the range, as demonstrated in cases where cloud providers' broad allocations complicate precise targeting. Implementation variations occur across network layers and devices. -layer techniques, often via packet-filtering firewalls or routers, inspect IP headers in transit and silently drop matching packets, operating at OSI Layer 3 for high-speed, low-overhead enforcement across entire infrastructures. Application-layer methods, conversely, occur deeper in the stack—such as within web servers using configuration files like Apache's .htaccess or deny directives—or through Firewalls (WAFs) that parse higher-protocol data for context-aware decisions, allowing blocks based on combined IP and behavioral signals like excessive requests. Hardware-based routers (e.g., ACLs) provide perimeter-wide static rules, while software firewalls like on enable dynamic scripting for rule updates, though they introduce latency in high-traffic scenarios. Further distinctions include static versus dynamic blocking. Static methods involve predefined lists of IPs or ranges hardcoded into lists (ACLs), effective for persistent threats like known command-and-control servers but vulnerable to IP churn in dynamic environments. Dynamic techniques integrate real-time analysis, such as rate-limiting thresholds triggering temporary blocks (e.g., via fail2ban scanning logs for failed logins) or machine learning-driven in advanced firewalls, adapting to evolving attacks but requiring computational resources and risking false positives. Whitelisting inverts this by permitting only approved IPs, a restrictive variant used in high-security setups like zero-trust architectures, though it demands meticulous maintenance to avoid operational disruptions. These variations balance precision against scalability, with empirical data from security logs showing range blocking reduces DDoS amplification by up to 90% in targeted deployments when calibrated to provider-level aggregates.

Primary Applications

Defensive Uses in Security and Moderation

IP address blocking is employed in cybersecurity to restrict access from sources associated with malicious activities, such as distributed denial-of-service (DDoS) attacks, where specific originating IPs are filtered to contain traffic floods from identifiable attackers. In cases of targeted DoS from single IPs, tools like can nullify the threat by dropping packets, reducing server load to negligible levels. Web application firewalls (WAFs) integrate IP blacklisting to preempt exploits, logging and denying requests from IPs matching patterns of or other intrusions. Blacklists maintained by security providers compile IPs linked to phishing, spam propagation, or command-and-control servers, enabling automated blocking at network edges to intercept threats before they impact endpoints. For instance, intrusion prevention systems dynamically add suspicious IPs—detected via port scans or anomalous behavior—to blocklists, enhancing real-time defense against evolving threats. Cloud-based WAFs, such as those from AWS or Cloudflare, support rule-based IP restrictions, allowing administrators to deny access from ranges exhibiting high-volume probes while permitting legitimate traffic. In , IP blocking prevents automated spam and abuse on forums and wikis by targeting bots that register or post en masse from compromised or datacenter IPs. Aggregated databases from user reports enable platforms to query and block IPs responsible for repeated spam submissions across sites, reducing manual review burdens. Forum administrators often ban entire IP ranges linked to networks or bot farms, as seen in implementations where repeated offender ranges are preemptively restricted to maintain discussion integrity. Anti-spam plugins for systems like IPB extend this by filtering registrations and messages based on blacklisted IPs, integrating behavioral checks to isolate human users. Email servers and web hosts apply IP blocking defensively against spam campaigns, where blacklists of originating IPs halt unsolicited bulk messages at the gateway, preserving bandwidth and user inboxes. In collaborative platforms, such measures complement CAPTCHAs by enforcing IP-level denials on detected , ensuring sustained operational security without relying solely on account bans.

Restrictive Uses in and

Governments deploy IP address blocking to curtail access to services perceived as threats to national security or public order. In Russia, the Federal Security Service (FSB) issued directives in February 2019 to major internet service providers, including MTS, mandating the blocking of 26 IP addresses associated with ProtonMail servers. This measure responded to anonymous bomb threat emails sent via ProtonMail, which the FSB claimed disrupted public safety, though ProtonMail maintained the block unjustifiably penalized the entire service rather than specific abusers. The action circumvented Russia's standard registry-based blocking system, directly targeting mail server IPs to hinder encrypted communications without judicial oversight. Such tactics extend to broader censorship frameworks, where states like integrate IP blocking into national firewalls to restrict foreign platforms disseminating unapproved content. These blocks often accompany DNS manipulation and traffic inspection, enabling granular control over information flows while evading detection through partial throttling rather than outright denial. Empirical data from global reports indicate over 30 countries employed IP-based restrictions in , frequently justified under anti-terrorism or anti-extremism pretexts, though critics argue they suppress by design. In commerce, enterprises apply IP blocking to enforce geographic access controls, aligning with licensing contracts and to safeguard revenue streams. Video-on-demand platforms, for instance, systematically deny service to IP addresses geolocated outside licensed territories, preventing cross-border content that could violate international distribution pacts. This , reliant on IP geolocation databases, generated compliance for services handling billions in annual licensing fees, as non-adherence risks legal penalties exceeding $100,000 per violation in jurisdictions like the . operators further restrict IPs from proxy-heavy or sanctioned regions to avert unauthorized and ensure , with studies showing such measures reduce losses by up to 40% in targeted sectors. Financial firms leverage IP blocks to delimit service availability, such as U.S. guidelines recommending screening for sanctions enforcement, where blocking addresses tied to prohibited entities prevents illicit transactions. These commercial restrictions, while effective for contractual fidelity, inadvertently impact legitimate users sharing IP ranges, as evidenced by cases where broad blocks disrupted for unrelated parties.

Assessment of Efficacy

Demonstrated Benefits and Data-Driven Successes

IP address blocking has proven effective in reducing cyber risks from identified malicious sources, particularly in enterprise environments. A semi-quantitative cybersecurity risk assessment implemented IP range blocking for overseas addresses, yielding a 92.9% reduction in cyber infringement risk compared to pre-blocking levels, alongside decreases in other vectors such as unauthorized access attempts. This approach leverages aggregated intelligence to preemptively deny , demonstrating causal in lowering exposure to external actors with poor hygiene or hostile intent. In distributed denial-of-service () mitigation, IP blocking combined with anti-spoofing measures enables organizations to neutralize up to 90% of attacks by discarding or rate-limiting from implicated sources. Service providers employing such techniques, including blackholing targeted IPs, report sustained network during volumetric assaults, as the method disrupts the attack's ability to overwhelm resources from fixed or predictable origins. Empirical evaluations of IP blacklists further confirm their role in filtering malicious communications, with studies showing consistent prevention of interactions with blacklisted peers across network scans. Automated tools like fail2ban exemplify data-driven successes in brute-force attack prevention, dynamically banning IPs after repeated failed authentication attempts and thereby curtailing unauthorized access rates in server logs. Network security case studies highlight IP blocking's integration into intrusion prevention systems, where it detects and halts internal propagation of threats, such as compromised servers initiating secondary attacks, before user impact occurs. These implementations underscore blocking's value as a first-line defense when paired with logging and threat feeds, though efficacy depends on timely intelligence updates to address IP churn.

Inherent Drawbacks and Empirical Shortcomings

IP address blocking inherently lacks precision because multiple users often share the same public due to (NAT) employed by routers, ISPs, and corporate networks, resulting in unintended denial of service to legitimate users when a single address is targeted. For instance, residential connections typically assign dynamic or shared IPs to thousands of subscribers, meaning a block intended for one abuser can disrupt access for unrelated individuals, amplifying false positives and eroding trust in the system. Dynamic IP allocation further undermines reliability, as addresses assigned by DHCP protocols change periodically—often daily or upon reconnection—rendering blocks temporary and ineffective against persistent who simply reacquire new addresses. Empirical analysis of IP blacklists reveals that evasion via rotation or cloud-based limits long-term containment, with scanners and malicious entities frequently cycling through fresh IPs to sustain operations. Collateral damage extends to broader effects, such as when blocking an IP prefix shared by multiple domains inadvertently restricts access to non-malicious services hosted on the same , a common outcome in content delivery networks (CDNs) and cloud providers. Studies of large-scale blocking, including DNS-based variants tied to IP resolution, document disproportionate impacts, with hundreds of legitimate websites affected in anti-piracy efforts like Italy's Piracy Shield, where FQDN and IP measures ensnared unrelated sites without targeted intent. In forum moderation and ad prevention, data indicates IP bans fail to curb sophisticated threats reliant on botnets or VPNs, while routinely penalizing innocent users on shared networks, leading to scalability issues and negligible deterrence. Overall efficacy falters empirically against determined circumvention, as tools like proxies and anonymity networks enable rapid bypassing; for example, attempts via IP blocking achieve high initial peer isolation in networks like but require ongoing resource-intensive injections to maintain coverage beyond 95%, highlighting unsustainable overhead without addressing root behaviors. In security contexts, evaluations show persistent vulnerabilities due to incomplete coverage and attacker adaptation, underscoring that IP blocking serves more as a coarse first-line filter than a robust standalone measure.

Countermeasures and Evasion

Techniques for Circumventing Blocks

Virtual Private Networks (VPNs) encrypt and route it through a remote server, presenting the server's IP address to the destination instead of the user's original IP, thereby circumventing blocks imposed on specific IP ranges. This method is widely used for evading geo-restrictions and site-specific bans, with VPN services like and reporting millions of daily users as of 2024 for such purposes. However, some blocking systems detect and block known VPN server IPs, reducing efficacy unless obfuscated servers or protocols like are employed. Proxy servers function similarly by acting as intermediaries that forward requests from the user's device using the proxy's , allowing access to blocked content without altering the underlying connection encryption in basic HTTP proxies. Residential proxies, which utilize from real consumer devices via ISP assignments, are particularly effective against detection because they mimic legitimate , with providers like Oxylabs noting lower ban rates compared to datacenter proxies in applications as of 2023 data. SOCKS5 proxies offer additional versatility by supporting various protocols beyond HTTP, though they may leak the original IP if not configured properly. The Tor network enables circumvention through onion routing, where traffic is relayed across multiple volunteer-operated nodes, each aware only of the immediate predecessor and successor, ultimately exiting via a node with an unblocked IP. This multi-hop anonymity has been empirically tested to bypass IP blocks in censored environments, such as during the 2019 Hong Kong protests where Tor usage surged by over 6,000% according to Tor Project metrics, though exit node blocking by targets can limit reliability. For users with dynamic IP addresses assigned by ISPs, simple reconnection techniques—such as restarting a /router or switching to mobile data—can assign a new IP from the provider's pool, evading temporary blocks without additional software. Modifying the device's , which influences IP assignment in local networks, provides another low-level , effective in home setups where ISPs tie IPs to hardware identifiers, though this requires administrative access and may not persist across reboots. Advanced users employ IP rotation via automated proxy pools or scripting to cycle through addresses rapidly, minimizing detection in high-volume scenarios like , where services report ban evasion rates improving from 20% to over 90% with rotation intervals under 5 minutes based on 2024 benchmarks. SSH tunneling creates encrypted proxies over existing connections, useful for bypassing corporate or institutional blocks by forwarding traffic through an unblocked remote host. These techniques, while effective, can introduce latency and potential risks if using untrusted intermediaries.

Strategies to Mitigate Evasion

To counter evasion tactics such as proxy chaining, VPN rotation, and dynamic IP reassignment, network administrators and platform operators implement layered defenses that extend beyond singular IP reliance. These strategies leverage proxy detection databases, auxiliary identifiers, and traffic pattern analysis to increase the cost and detectability of circumvention attempts. from cybersecurity firms indicates that combining IP blocking with behavioral heuristics reduces successful evasions by identifying anomalous session continuity across changes. A core approach entails preemptively blocking IP ranges linked to commercial VPNs, datacenter proxies, and Tor exit nodes, which account for a significant portion of evasion traffic. Services like and third-party providers maintain updated lists of such addresses, often derived from active scanning and crowdsourced reporting, allowing firewall rules to target autonomous system numbers (ASNs) or CIDR blocks associated with anonymization providers. For instance, (DPI) or IP reputation scoring can flag and throttle traffic from these sources, as VPN blockers specifically target static server IPs used by popular services. This method proved effective in reducing proxy-mediated abuse in enterprise environments, where known VPN endpoints comprise up to 20-30% of suspicious inbound requests according to analytics. Device and browser fingerprinting supplements IP controls by generating persistent identifiers from hardware, software, and behavioral signals—such as screen resolution, installed fonts, timezone, and rendering—independent of . Platforms record these fingerprints upon initial banning, enabling correlation of new sessions attempting re-entry; fraud detection systems report detection rates exceeding 90% for repeat offenders using fingerprint-stable evasion tools like antidetect browsers. Incognia, a device intelligence provider, notes that this technique counters multi-accounting and proxy swaps by linking disparate IPs to the same underlying device posture, though it requires compliance with privacy regulations like GDPR to avoid overreach. Rate limiting and behavioral analysis further mitigate evasion by enforcing thresholds on request volume, session duration, and interaction patterns rather than static IPs alone. Algorithms like or sliding window limit actions per inferred user session, flagging bursts indicative of automated or rotated-access attempts; Imperva's implementations, for example, integrate this with to curb resource exhaustion from evaders cycling through proxies. When paired with models trained on historical abuse data, these systems achieve sub-1% false positive rates in high-traffic scenarios, as validated in protection benchmarks. firewalls (WAFs) often embed such logic, dynamically adjusting limits based on deviation from baseline human behavior, such as mouse or navigation . Advanced deployments incorporate honeypots and collaborative threat intelligence to trap and profile evaders. Invisible traps mimic vulnerable endpoints to lure scanners, revealing proxy chains via logged access patterns, while shared blocklists from ISPs or consortia like Spamhaus amplify coverage of emerging evasion vectors. These measures, while resource-intensive, demonstrate sustained in longitudinal studies, with platforms reporting 40-60% drops in post-implementation. Limitations persist against sophisticated adversaries employing residential proxies or ML-generated human-like , necessitating ongoing .

Regulatory Frameworks and Jurisdictional Variations

Regulatory frameworks for IP address blocking lack a unified , with authority typically residing at the national level where governments delegate enforcement to agencies or courts based on domestic laws targeting , , , or sanctions compliance. In jurisdictions emphasizing state control, such as and , regulators possess broad unilateral powers to mandate blocks without judicial oversight, enabling rapid implementation via ISP directives. China's Great Firewall, operational since the late 1990s and formalized under the 2017 Cybersecurity Law, empowers the (CAC) to block IP addresses associated with prohibited content, including foreign sites deemed threats to social stability or . This framework integrates IP blocking with packet filtering and inspection, affecting millions of addresses annually, as evidenced by blacklists maintained by state firewalls that deny access to domains like and . In Russia, the Federal Service for Supervision of Communications, Information Technology, and Mass Media () holds statutory authority under Federal Law No. 149-FZ to order ISPs to block IP ranges for violations including , , or non-compliance with rules, with over 1 million URLs restricted as of 2023. For instance, in 2019, the FSB directed mobile operators like MTS to block ProtonMail's IP addresses to curb encrypted communications bypassing . Recent expansions target VPNs and IPs, throttling foreign services amid geopolitical tensions. Contrastingly, , IP blocking by ISPs faces constraints from the First Amendment and principles under Title II of the Communications Act, prohibiting arbitrary content discrimination absent court orders or security needs. Federal courts have authorized DNS and IP blocks for sites via the (DMCA) or civil suits, as in 2022 orders against streaming infringers, but broad ISP-mandated remains rare and subject to challenges. The European Union's (DSA), effective February 2024, imposes obligations on platforms to mitigate illegal content through moderation rather than direct IP blocks, emphasizing transparency and risk assessments without empowering ISPs for wholesale blocking. Member states may pursue site blocks for IP enforcement under e-Commerce Directive provisions, but variations exist; for example, and issue judicial orders for copyright-related IP restrictions, while for licensing complies with the Geo-blocking Regulation barring unjustified discrimination. Other nations exhibit hybrid approaches: India's grant the Ministry of Electronics and Information Technology powers akin to for emergency blocks, while Australia's 2015 site-blocking regime relies on Federal Court orders for IP and DNS interventions against , blocking over 50 domains by 2020. These divergences reflect causal trade-offs between rapid threat mitigation and risks of overreach, with empirical data showing authoritarian models achieve higher compliance rates but at the cost of and user evasion via proxies.

Tensions Between Security Imperatives and Individual Rights

![FSB letter to MTS ordering Protonmail IP blocking][float-right] IP address blocking serves critical security functions, such as thwarting cyberattacks like DDoS attacks or curbing dissemination of illegal content, but it inherently clashes with individual rights to freedom of expression, access to information, and , particularly when blocks lack precision and proportionality. The prevalence of shared IP addresses exacerbates these tensions, as multiple users or domains often operate under a single public IP due to (NAT) and cloud hosting practices; studies indicate that over 87% of active domains share IP addresses with others, meaning a block targeting one entity can deny access to unrelated, legitimate services for thousands of users. In Italy's Piracy Shield system, implemented in 2024 to combat , IP blocks have resulted in significant overblocking, with analyses showing to innocent sites and an average of 7.5 blocked IPs per /24 in affected ranges, impacting user access to non-infringing content. European Court of Human Rights (ECtHR) jurisprudence underscores the rights implications, ruling in cases like Kharitonov v. Russia (2017) that blocking entire IP addresses constitutes an extreme interference with Article 10 of the (freedom of expression), permissible only if strictly necessary, proportionate, and accompanied by judicial oversight to minimize collateral effects on non-targeted parties. A stark illustration occurred in in , when the (FSB) directed mobile operator MTS to block specific ProtonMail IP addresses (e.g., 185.70.40.0/24) via a letter dated February 25, citing national security concerns over encrypted communications potentially used by adversaries; this measure disrupted secure email access for ordinary users, prioritizing state surveillance imperatives over privacy rights enshrined in international standards like the Universal Declaration of Human Rights. Such practices highlight causal realities where security-driven blocks, while defensible against verifiable threats, often devolve into broader tools, eroding individual without commensurate empirical gains in safety, as evasion via VPNs or proxies undermines efficacy while violations persist.

Broader Societal Impacts and Debates

IP address blocking, while intended to mitigate specific threats, has engendered widespread societal repercussions, including curtailed access to information and economic disruptions. In regions employing extensive blocks, such as China's Great Firewall, citizens experience restricted exposure to global viewpoints, fostering informational silos that hinder and cultural exchange. Empirical analyses indicate that such measures correlate with diminished economic productivity, as shutdowns and blocks—often implemented via IP restrictions—result in billions in losses from halted and delayed transactions, with global shutdown costs exceeding $12 billion in 2022 alone. Collateral effects extend to neutral third-party services, where blocking shared IP ranges inadvertently denies access to legitimate content, amplifying a between compliant and evasive users. Debates center on the tension between purported security gains and erosion of . Proponents argue that IP blocks safeguard by curbing cyber threats, terrorism-related content, and , citing instances where blocking reduced by up to 22% in targeted jurisdictions. Critics, however, contend that these tools enable arbitrary without oversight, disproportionately impacting free speech and , as blocks often ensnare unrelated domains and fail against circumvention tools, yielding minimal net while imposing transparency deficits. Studies underscore inefficacy, with blocking rates above 70% still permitting latency-tolerant evasion, yet provoking broader network vulnerabilities through manipulative infrastructure changes. Societally, IP blocking perpetuates power asymmetries, particularly in authoritarian contexts where it suppresses dissent and journalistic inquiry, as evidenced by opaque implementations lacking legal recourse. In democratic settings, analogous practices raise slippery-slope concerns, with calls for judicial warrants to balance imperatives like child protection against overreach that chills online discourse. Ongoing contention highlights a causal disconnect: while blocks may deter casual access to prohibited material, they incentivize underground economies for evasion technologies, ultimately undermining trust in digital governance without proportionally enhancing societal safety.

Historical Context

Inception and Initial Deployments

IP address blocking originated as a core function of packet-filtering firewalls, which inspect the headers of IP packets—including source and destination addresses—to permit or deny traffic based on predefined rules. This technique emerged in the late , coinciding with the growing connectivity of TCP/IP networks and the need to control unauthorized access amid early cybersecurity threats. The first documented packet-filtering system, enabling IP-based blocking, was developed by (DEC) in 1988, operating at the network layer to filter individual packets without maintaining connection state. This implementation, often referred to as a basic "packet filter," allowed administrators to configure lists (ACLs) that rejected packets from specified IP addresses, primarily to segment internal networks from external ones in VMS-based environments. Initial deployments occurred in enterprise and research settings, such as DEC's own systems and early gateways, where they enforced rudimentary security policies by dropping packets matching block criteria, thereby mitigating risks from untrusted sources without deeper payload inspection. By 1989, packet filtering had formalized as the first generation of firewalls, with Mogul's proposal at DEC further refining IP header-based rules for broader router and gateway applications. These early systems were stateless, processing each packet independently, and saw initial use in protecting against basic denial-of-service attempts and unauthorized probes in nascent commercial networks transitioning from isolated LANs to interconnected WANs. Limitations, such as inability to track connection states or spoofed IPs, were evident from deployment, prompting refinements in subsequent years, though the foundational IP blocking mechanism proved effective for simple perimeter defense.

Expansion Amid Internet Maturation

As the transitioned from a primarily academic and research network in the to a commercial in the , IP address blocking expanded significantly to address emerging threats like unauthorized access and disruptive traffic. Packet-filtering firewalls, which inspect and block packets based on source or destination IP addresses, originated in the late but proliferated with the World Wide Web's growth and the influx of non-expert users following the commercialization enabled by the NSFNET decommissioning in 1995. This maturation phase saw network administrators routinely configuring routers and early firewalls to deny traffic from suspicious IPs, driven by the causal link between increased connectivity and vulnerabilities such as port scanning and basic denial-of-service attempts. A key driver of expansion was the surge in unsolicited commercial , or spam, which escalated in the mid-1990s as became ubiquitous for . The first large-scale spam campaign, the 1994 "Green Card Lottery" message sent by lawyers Canter and Siegel to millions of users, highlighted the scalability of IP-based abuse, prompting early manual blocking of offending senders' addresses. By 1997, the advent of the Realtime Blackhole List (RBL), developed by and others, formalized IP blacklisting by maintaining dynamic databases of spammer IPs that mail servers could query to reject incoming connections, marking a shift to collaborative, real-time blocking mechanisms. This tool's adoption correlated with spam comprising up to 10-15% of traffic by the late 1990s, compelling ISPs and enterprises to integrate IP blocking into standard anti-spam filters. Simultaneously, state-level IP blocking emerged for content control as governments grappled with the Internet's borderless nature. China's , initiated in the late 1990s and operational by 2000, incorporated IP blocking as a foundational tactic in its Great Firewall to restrict access to foreign sites deemed politically sensitive, blocking entire address ranges associated with platforms like and precursors. This approach, primitive yet effective for throttling traffic at scale, influenced other regimes; for instance, rudimentary IP filters were deployed in and by the early 2000s to enforce moral and political restrictions. Empirical from network logs during this era showed blocking efficacy limited by static lists but causally tied to reduced unwanted traffic volumes, underscoring IP blocking's role in balancing openness with control amid exponential user growth from 16 million in 1995 to over 400 million by 2000. By the early 2000s, maturation further amplified blocking's scope through proliferation and the first widespread DDoS incidents, such as the 2000 attacks on major sites like Yahoo and , which overwhelmed servers via spoofed IP floods and necessitated proactive blackholing of attacker ranges at ISP edges. These developments embedded IP blocking in layered defenses, evolving from ad-hoc rules to automated systems while revealing limitations like collateral blocking of legitimate users sharing dynamic IPs, a validated by firewall efficacy studies showing 70-90% mitigation of basic exploits.

Modern Developments and Prospects

Key Recent Initiatives and Case Studies

In 2024, implemented the "Piracy Shield" initiative under the authority of the Communications Regulatory Authority (AGCOM), mandating providers, DNS resolvers, and VPN services to block access to websites distributing unauthorized live sports events and other pirated content within five minutes of a complaint from holders. This system relies on a combination of domain, , and blocking, with automated enforcement to minimize delays, though critics from the argue it risks overblocking legitimate traffic due to shared IP infrastructures. By mid-2025, the initiative had led to the rapid takedown of hundreds of streaming domains during major events like matches, demonstrating efficacy in reducing illegal streams but raising concerns over enforcement scope extending to encrypted protocols. A notable case of IP-based overblocking occurred in in 2023–2024, where authorities targeted IP addresses associated with cloud hosting providers to curb illegal sports streaming, inadvertently disrupting access to unrelated legitimate services hosted on the same ranges. For instance, blocking actions against providers like affected and enterprise applications, with reports estimating thousands of collateral disruptions across European users, as documented in a 2025 analysis by the Internet Infrastructure Coalition. This incident underscores the technical limitations of IP blocking in multi-tenant environments, where single addresses serve diverse traffic, leading to inefficient enforcement and unintended economic impacts estimated in millions of euros for affected businesses. Following Russia's invasion of in February 2022, escalated IP address blocking of foreign social media platforms including , , and (now X), throttling or fully restricting access via state-mandated ISP filters affecting over 100 million users. By 2025, this had expanded to include VPN exit nodes and proxy IPs linked to circumvention tools, with documented blocks on approximately 20 major platforms, as per monitoring, aiming to curb information flows but resulting in widespread domestic adoption of alternative networks. The policy's causal effectiveness in suppressing dissent is debated, with empirical data showing reduced platform usage but persistent underground access via Tor and mirrors, highlighting blocking's role in state control amid geopolitical tensions. In cybersecurity contexts, the U.S. (CISA) in April 2025 issued guidance on countering "fast flux" techniques, which involve rapid IP rotations to evade blocks, recommending proactive IP reputation monitoring and dynamic blacklisting for . A case study from enterprise deployments, such as financial institutions using geo-IP blocking, prevented an estimated 40% of attempts in 2024 trials by restricting access from high-risk address ranges, according to reports from security firms analyzing over 10,000 incidents. These measures, integrated with threat intelligence feeds, illustrate IP blocking's utility in mitigating automated attacks, though evasion via residential proxies remains a persistent challenge requiring layered defenses.

Influences of Technological Shifts like

The adoption of introduces fundamental challenges to IP address blocking due to its vastly expanded 128-bit , which renders broad-range blocking impractical without excessive collateral damage. Unlike IPv4's 32-bit space, where address scarcity and (NAT) often concentrate multiple users behind shared IPs, assigns unique global addresses to devices via /64 prefixes, each supporting up to 2^64 (approximately 18 quintillion) host addresses. Blocking an entire /64 prefix to target a single evader risks denying access to thousands of legitimate users within the same , a scale unattainable in IPv4 deployments. This necessitates more granular blocking strategies, such as monitoring patterns within /64 , but the sheer volume complicates enforcement and increases false positives. IPv6 privacy extensions exacerbate evasion by enabling devices to generate temporary, randomized that change frequently, undermining static IP bans. These extensions, specified in RFC 4941 (updated by RFC 8981), use cryptographic hashing to create interface identifiers from random values, forming new global appended to stable prefixes; preferred lifetimes default to about one day, with regeneration occurring shortly before expiration or upon link changes. As a result, a blocked becomes obsolete within hours, allowing seamless reconnection without altering network configuration, which contrasts with IPv4's relatively static or DHCP-cycled assignments. Network administrators or services relying on IP persistence for enforcement must thus track dynamic address lifecycles or block prefixes, amplifying overblocking risks and operational overhead. Transition mechanisms and protocol features further facilitate circumvention of IPv4-centric blocks. Tunnel-based -over-IPv4 encapsulation permits to traverse IPv4-blocked paths via alternative endpoints, evading detection if the tunnel obscures origins. Additionally, extension headers—such as fragmentation and destination options—can be manipulated to confuse intrusion prevention systems (IPS) parsing; techniques like incorrect "next header" values in fragments or excessive header repetitions cause mismatches in signature detection, allowing prohibited payloads (e.g., port scans or exploits) to pass while being dropped by the target. Empirical studies confirm inconsistent handling in infrastructures, with nearly all analyzed DNS censors supporting blocking but implementing it poorly, leading to higher success rates for queries compared to IPv4 equivalents. Real-world cases illustrate these shifts, particularly as IPv6 adoption reached 43% globally by early 2025. In Italy's Piracy Shield initiative, launched in 2024 and expanded by June 2025, IPv4-only blocking of 10,918 addresses and 18,849 domains proved vulnerable; 23.6% of targeted domains shifted to post-block, enabling evasion, while over 500 unrelated sites suffered collateral blocking. Such gaps highlight causal dependencies: incomplete support in blocking tools creates exploitable disparities, pressuring enforcers to invest in dual-stack capabilities amid rising deployment, yet persistent lags favor evaders in transitional networks.

References

  1. https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
  2. https://www.fortinet.com/resources/cyberglossary/network-access-control-list
  3. https://www.ipv4.global/events/ip-blocking/
  4. https://interlir.com/2024/09/27/what-are-ip-blocks-and-how-do-they-work/
  5. https://www.ietf.org/archive/id/draft-irtf-pearg-censorship-09.html
  6. https://www.amnesty.org/en/latest/campaigns/2024/11/how-do-authorities-use-firewalls-and-other-tools-of-internet-control/
  7. https://www.anura.io/blog/is-ip-blocking-effective
  8. https://datatracker.ietf.org/doc/rfc7754/
  9. https://datatracker.ietf.org/doc/html/rfc791
  10. https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html
  11. https://aws.amazon.com/compare/the-difference-between-ipv4-and-ipv6/
  12. https://datatracker.ietf.org/doc/html/rfc8200
  13. https://www.siteground.com/kb/ipv4-vs-ipv6/
  14. https://www.goodaccess.com/blog/static-vs-dynamic-ip-address
  15. https://datatracker.ietf.org/doc/html/rfc1918
  16. https://www.cisco.com/site/us/en/learn/topics/networking/what-is-network-address-translation-nat.html
  17. https://blog.apnic.net/2020/12/22/reduce-the-effects-of-nat-for-your-ip-blocklists/
  18. https://www.timusnetworks.com/understanding-network-address-translation-a-comprehensive-guide/
  19. https://learn.microsoft.com/en-us/azure/virtual-network/ip-based-access-control-list-overview
  20. https://codilime.com/blog/network-acl-processing-algorithms-optimizing-firewall-performance/
  21. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-41r1.pdf
  22. https://aws.amazon.com/blogs/security/centrally-manage-vpc-network-acl-rules-to-block-unwanted-traffic-using-aws-firewall-manager/
  23. https://www.servermania.com/kb/articles/ip-blocking-and-iptables-in-linux
  24. https://htaccessbook.com/block-ip-address/
  25. https://www.cisco.com/c/en/us/td/docs/security/firepower/70/asa-fp-services/asafps-local-mgmt-config-guide-v70/blacklisting_using_security_intelligence_ip_address_reputation.html
  26. https://freedomhouse.org/country/russia/freedom-net/2019
  27. https://aws.amazon.com/what-is/cidr/
  28. https://www.catonetworks.com/blog/unmasking-the-challenges-of-blocking-malicious-ip-addresses-overcoming-the-unknown/
  29. https://www.apnic.net/manage-ip/apnic-services/registration-services/resource-quality-assurance/filtering/
  30. https://phoenixnap.com/kb/block-ip
  31. https://solveforce.com/ip-blocking-enhancing-network-security-and-access-control/
  32. https://www.imperva.com/learn/application-security/ip-blacklist/
  33. https://www.esecurityplanet.com/networks/how-to-stop-ddos-attacks-tips-for-fighting-ddos-attacks/
  34. https://security.stackexchange.com/questions/178726/does-blocking-an-ip-with-ip-tables-protect-you-from-a-dos-not-ddos-attack
  35. https://www.reddit.com/r/AskNetsec/comments/18wo44w/waf_best_practices_app_specific_rules_to_block_or/
  36. https://www.coro.net/blog/the-power-of-allowing-and-blocking-ip-ranges
  37. https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html
  38. https://developers.cloudflare.com/waf/tools/ip-access-rules/
  39. https://www.stopforumspam.com/
  40. https://meta.discourse.org/t/i-would-like-to-block-a-range-of-ip-addresses-on-a-discourse-forum/340800
  41. https://cleantalk.org/ipb-anti-spam-hook
  42. https://proton.me/blog/russia-block
  43. https://techcrunch.com/2019/03/11/russia-blocks-protonmail/
  44. https://habr.com/en/companies/habr/articles/443638/
  45. https://ssd.eff.org/module/understanding-and-circumventing-network-censorship
  46. https://www.security.org/vpn/internet-censorship/
  47. https://www.clym.io/blog/geo-restrictions-vpn-access-control-a-guide-for-businesses
  48. https://www.maxmind.com/
  49. https://www.geoplugin.com/resources/country-ip-blocks-what-they-are-and-why-they-matter/
  50. https://ofac.treasury.gov/faqs/73
  51. https://www.internetsociety.org/resources/policybriefs/2025/perspectives-on-internet-content-blocking/
  52. https://www.sciencedirect.com/science/article/abs/pii/S0957582021004948
  53. https://www.csoonline.com/article/573129/how-blocking-and-controlling-traffic-can-stop-ddos-attacks.html
  54. https://arxiv.org/pdf/2308.08356
  55. https://www.cisco.com/c/dam/en_us/about/ciscoitatwork/downloads/ciscoitatwork/pdf/CSIRT_Network-Based_Intrusion_Prevention_System_Case_Study.pdf
  56. https://medium.com/qaclana/why-ip-based-rules-are-bad-but-we-still-use-it-99b4f356bc83
  57. https://www.malwarebytes.com/blog/news/2022/12/the-pitfalls-of-blocking-ip-addresses
  58. https://ieeexplore.ieee.org/iel8/6287639/10820123/10928993.pdf
  59. https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac127-dns-blocking-revisited-16-05-2025-en.pdf
  60. https://labs.ripe.net/author/antonio-prado/live-event-blocking-at-scale-effectiveness-vs-collateral-damage-in-italys-piracy-shield/
  61. https://www.openrightsgroup.org/app/uploads/2020/03/top10vpn-and-org-report-collateral-damage-in-the-war-against-online-harms.pdf
  62. https://www.freehaven.net/anonbib/cache/i2p-imc18.pdf
  63. https://oxylabs.io/blog/how-to-bypass-ip-bans
  64. https://www.astrill.com/blog/how-to-bypass-vpn-blocks/
  65. https://brightdata.com/blog/proxy-101/how-to-bypass-an-ip-ban
  66. https://soax.com/blog/what-is-ip-blocking
  67. https://marsproxies.com/blog/how-to-bypass-ip-bans/
  68. https://www.incognia.com/blog/toolkit-to-fight-ban-evading
  69. https://community.cloudflare.com/t/how-to-block-all-vpns-proxys-and-host-ips/303070
  70. https://www.fortinet.com/resources/cyberglossary/vpn-blocker
  71. https://seon.io/resources/device-fingerprinting/
  72. https://www.imperva.com/learn/application-security/rate-limiting/
  73. https://www.humansecurity.com/learn/topics/what-is-bot-management/
  74. https://www.radware.com/cyberpedia/bot-management/rate-limiting/
  75. https://itif.org/publications/2025/06/09/blocking-access-to-foreign-pirate-sites-a-long-overdue-task-for-congress/
  76. https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/FreeExpressionVsSocialCohesion/china_policy.html
  77. https://www.hrw.org/report/2025/07/30/disrupted-throttled-and-blocked/state-censorship-control-and-increasing-isolation
  78. https://www.internetsociety.org/resources/internet-fragmentation/the-chinese-firewall/
  79. https://www.goclickchina.com/insights/the-complete-guide-to-the-great-firewall-of-china-gfoc/
  80. https://www.usenix.org/conference/usenixsecurity23/presentation/wu-mingshi
  81. https://ooni.org/post/2023-russia-a-year-after-the-conflict/
  82. https://2ip.io/rkn-blacklist/
  83. https://therecord.media/russia-blocks-thousands-of-websites-that-use-cloudflare-service
  84. https://www.kgw.com/article/news/nation-world/russia-internet-blocking/507-de191842-c4ab-4de8-b328-989796eb1de9
  85. https://www.ip-brief.com/blogs/site-blocking
  86. https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act_en
  87. https://www.privacyworld.blog/2024/02/eu-digital-services-act-in-full-force/
  88. https://www.advant-beiten.com/en/news/how-the-digital-services-act-can-help-enforce-ip-rights
  89. https://itif.org/publications/2018/06/12/normalization-website-blocking-around-world-fight-against-piracy-online/
  90. https://www.comparitech.com/blog/vpn-privacy/internet-censorship-map/
  91. https://i2coalition.com/wp-content/uploads/2025/05/DNS-at-Risk-How-Network-Blocking-and-Fragmentation-Undermine-the-Global-Internet.pdf
  92. https://www.eff.org/issues/content-blocking
  93. https://blog.cloudflare.com/consequences-of-ip-blocking/
  94. https://cyber.harvard.edu/people/edelman/ip-sharing
  95. https://www.ofcom.org.uk/siteassets/resources/documents/research-and-data/online-research/other/csmg-websites-sharing-ip-addresses?lang=en
  96. https://torrentfreak.com/piracy-shield-study-reveals-massive-overblocking-collateral-damage-250909/
  97. https://husovec.eu/2017/07/ecthr-kharitonov-v-russia-when-website-html/
  98. https://strasbourgobservers.com/2020/08/26/the-strasbourg-court-establishes-standards-on-blocking-access-to-websites/
  99. https://www.theregister.com/2019/03/12/protonmail_blocked_russia_fsb/
  100. https://www.internetsociety.org/blog/2023/06/the-real-impact-of-internet-shutdowns/
  101. https://itif.org/publications/2022/01/26/decade-after-sopa-pipa-time-to-revisit-website-blocking/
  102. https://nordvpn.com/blog/internet-censorship-pros-and-cons/
  103. https://www.stimson.org/2025/who-controls-your-internet-the-debate-over-dns-blocking/
  104. https://arxiv.org/abs/1809.09086
  105. https://www.netreputation.com/internet-censorship-pros-cons/
  106. https://www.lacnic.net/4138/2/lacnic/unintended-consequences-of-website-blocking/
  107. https://www.paloaltonetworks.com/cyberpedia/history-of-firewalls
  108. https://www.softwaretestingmagazine.com/knowledge/the-evolution-of-firewall-technology-from-packet-filtering-to-deep-packet-inspection/
  109. https://ostec.blog/en/perimeter/firewall/
  110. https://www.fortinet.com/resources/cyberglossary/firewall
  111. https://gokulelango.medium.com/the-evolution-of-firewall-technology-from-packet-filtering-to-next-generation-firewalls-69b14977028d
  112. https://pcm.agency/a-brief-history-of-internet-spam/
  113. https://encyclopedia.kaspersky.com/knowledge/the-evolution-of-spam/
  114. https://cacm.acm.org/research/the-history-of-digital-spam/
  115. https://locknet.chinafile.com/the-locknet/part-3/
  116. https://www.thousandeyes.com/blog/internet-censorship-around-the-world
  117. https://datatracker.ietf.org/doc/draft-hall-censorship-tech/01/
  118. https://www.eset.com/blog/en/what-is/firewalls-cybersecurity-basics/
  119. https://www.internetsociety.org/wp-content/uploads/2025/09/Policy-Brief-Perspectives-on-Internet-Content-Blocking.pdf
  120. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-093a
  121. https://www.bitlyft.com/resources/real-world-successes-how-geo-blocking-prevented-cyber-incidents
  122. https://serverfault.com/questions/258466/how-are-ip-based-rules-eg-bans-filters-affected-once-ipv6-becomes-the-standar
  123. https://datatracker.ietf.org/doc/rfc4941/
  124. https://www.blackhat.com/docs/us-14/materials/us-14-Atlasis-Evasion-Of-HighEnd-IPS-Devices-In-The-Age-Of-IPv6-WP.pdf
  125. https://arxiv.org/abs/2508.07197
  126. https://ccdcoe.org/uploads/2018/10/ip6eva_0.pdf
  127. http://dnsmadeeasy.com/resources/the-state-of-ipv6-adoption-in-2025-progress-pitfalls-and-pathways-forward
  128. https://piracymonitor.org/italy-piracy-shield-found-committing-indiscriminate-blocking-losing-to-evolving-evasion-techniques/
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.