User blog:KnazO/What is a Range Block and how do I use them?

Are you an admin on a wiki and come across recurring IP address vandals with slightly different addresses each time? There's a neat less-known type of block known as a Range Block. It is a powerful tool and can be used by any administrator on a wiki, if the vandals IP address is known. If misused it can wreak havoc on a wiki, so it should be used wisely after necessary checks have been made.

Case Study
Let's say there's an IP address called 123.123.123.12 and they vandalise your wiki. So you revert their changes and block them, as usual. However, a few minutes later another IP vandal appears called 123.123.123.13 and they do similar vandalism as the first. You are almost certain they're the same individual since the behaviour and address is so similar, as well as the short span of time when the edits occurred. However yet another IP appears named 123.123.123.11 and thus it continues, you revert and block. And so on.

But did you know there's a better way to go about this when multiple similar IP addresses vandalise?

How It Works
IP addresses are broken up into blocks of numbers.

An example of this would be  through to.

Once it reaches  the next number is.

IP addresses can be broken up in to smaller or larger blocks.

The smallest practical block is a block of 4.

This could be one of the following:



Of each block of 4 numbers, only two can be assigned to a computer.

The first and last numbers of any block are reserved for network communication.

These are level 30 blocks and can be expressed like this:



The next largest block is 8.

They can be as follows:



In this block of 8 numbers only 6 can be assigned to a computer as, once again, the first and last numbers in a block are reserved for specific uses in network communication.

These can also be expressed as follows:



From this point on, the number of IP addresses in a block continues to double: 16, 32, 64, 128, 256, etc.


 * A block of 16 would start.
 * A block of 32 would start.
 * A block of 64 would start.
 * A block of 128 would start.
 * A block of 256 would start.

So if you have an IP address and you want to block the range assigned how do you know which one to use?

Let's say you have a problem with.

You can lookup who has this IP address at http://arin.net/whois/?queryinput=148.20.57.34.

Say this tells us that this IP address is assigned, along with a LOT of others in a  range, to the Department of Defense.

We certainly don't want to block a large block of the DoD!

The rule of thumb is block as little as possible.

Only block a range if there is a cluster of IP addresses giving a problem.

There's a calculator that is very useful for this:
 * http://www.csgnetwork.com/ipinfocalc.html

Go to this site and enter  into the first set of blanks.

Now select Network Prefix Length and enter  (this will give a block of 32 addresses) and click Calculate Network Information.

This will show us a block of 32 IP addresses that include.

You can use this tool to test ranges to be sure they are what you want before entering the information to initiate the block.

Summary
For users who didn't know how range blocks worked or what they are, I hope this blog provided useful insight into that and helps you administer your wiki better. Remember: range blocks are very powerful; a mistake of a /11 range block instead of /12 can have drastic consequences and may cause innocent users of your wiki to appear blocked.

Also, like most IP address blocks, you should never block them infinitely. While an IP address or range may belong to a VPN or proxy service that is most likely only used by trolls, most IP addresses are recycled over time and a proxy/VPN IP range could later be used by an innocent home user. I find that 3 months is a suitable block for persistent IP range abuse.