Banning an IP address

Question

I banned an IP on my server, but I'd also like to ban using the CIDR method, e.g. IP/24.

My questions are:

How do I find the CIDR range of the IP address.
When banning the range, if the user has a dynamic IP given to them by their ISP. They would be able to bypass the ban, correct?

On what reason do you want to ban this IP? – George Y Oct 22 '20 at 04:46 — George Y, Oct 22 '20 at 04:46

score 1 · Answer 1 · answered Oct 21 '20 at 21:17

whois <ip address> will typically show you the ip range associated with the IP address (you might have to put some of it into ipcalc or similar. There are a bunch of websites which will do a WHOIS on the IP address
If you have banned a single ip address then chances are they can disconnect then reconnect and their ISP will hand them a different IP address. If you ban the entire ip range of an ISP then they would need to proxy through something (VPN) or switch ISP's. Note many of the larger ISP have multiple seemingly unconnected ip ranges as they have gone to their LIR over time to get more allocations.

Simply banning an IP address isn't always the best way forward

If you ban the entire ip range of an ISP then they would need to proxy through something (VPN) or switch ISP's. - This is is only if they do not have dynamic IP ability? I've seen IPs given to users that are 45.0.0.0 then swap to 180.0.0.0 as an example, which would mean its on a different range/subnet? — Usernamehere, Oct 22 '20 at 01:13

1 Answers1