How Useful Is IP Address Information for Security?

When bad guys start attacking your server, one of the first things you might try is blocking their IP addresses. In some instances, this works perfectly and removes the problem quite thoroughly; however, it is not always effective. Therefore, it is important to know when blocking or monitoring IP addresses is useful, and when you would be better served by other techniques.

The most important thing to understand about IP addresses is that they can be either static or dynamic. Your dedicated server has a static IP address that never changes as long as you have it. Many Internet users have dynamic addresses with their broadband accounts. They may keep the same IP for as long as they have their cable or DSL modems connected, but that depends on the ISP.

The second important thing to know is that cyber criminals are very aware that system administrators can track IP addresses. Because of this, they often take steps to mask their true locations through proxies or other servers. Also, for large-scale assaults, such as DDoS attacks, the computers that bombard your server are usually just pawns, infected with the bot the attacker is using against you.

If you are consistently being hit by the same IP address, and you can trace the host name to an ISP, you can probably safely block that IP address. If you are getting hit with the same type of data from multiple IP addresses over several hours, you may have a more complex problem. Investigate all options and look at more than just the IP address to get a true sense of who or what is attacking you.
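The two cases above can be told apart from an access log. The following is an added example, not part of the original article: it separates addresses that fail repeatedly from requests that arrive from many addresses over several hours. The log lines, the `/admin/setup.php` path, and the thresholds (`min_hits`, `min_ips`, `min_span`) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:01:00:05 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2024:01:10:41 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2024:01:25:13 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2024:01:40:02 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2024:01:55:30 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.11 - - [12/Mar/2024:01:12:00 +0000] "GET /admin/setup.php HTTP/1.1" 404 153
198.51.100.42 - - [12/Mar/2024:02:15:09 +0000] "GET /admin/setup.php HTTP/1.1" 404 153
198.51.100.93 - - [12/Mar/2024:03:20:44 +0000] "GET /admin/setup.php HTTP/1.1" 404 153
198.51.100.200 - - [12/Mar/2024:04:05:17 +0000] "GET /admin/setup.php HTTP/1.1" 404 153
192.0.2.10 - - [12/Mar/2024:02:00:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse_failures(log_text):
    """Yield (ip, time, request) for each request answered with a 4xx/5xx status."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group(5)) >= 400:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), when, f"{m.group(3)} {m.group(4)}"

def triage(log_text, min_hits=5, min_ips=3, min_span=timedelta(hours=2)):
    """Return (repeat_offenders, distributed_patterns); thresholds are assumptions."""
    hits_by_ip, by_request = defaultdict(int), defaultdict(list)
    for ip, when, request in parse_failures(log_text):
        hits_by_ip[ip] += 1
        by_request[request].append((ip, when))
    # Case 1: one address failing again and again -> an IP block is likely to hold.
    repeat = sorted(ip for ip, n in hits_by_ip.items() if n >= min_hits)
    # Case 2: same request from many addresses over hours -> one block will not stop it.
    distributed = {}
    for request, hits in by_request.items():
        ips = {ip for ip, _ in hits}
        times = [when for _, when in hits]
        if len(ips) >= min_ips and max(times) - min(times) >= min_span:
            distributed[request] = sorted(ips)
    return repeat, distributed

if __name__ == "__main__":
    repeat, distributed = triage(SAMPLE_LOG)
    print("repeat offenders:", repeat)
    print("distributed patterns:", distributed)
```

Before blocking an address from the first list, resolve its host name as the article suggests; for the second list, filter on the request itself rather than on the individual addresses.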