17 August 2021
What is IP Address Blacklisting?
Public IP addresses are assigned by an Internet Service Provider (ISP) such as GO to client connections. Such IP addresses may be temporarily or permanently assigned to a modem, while whole IP subnets or IP address ranges may be assigned to business connections that host more devices or services. In certain cases, public IP addresses may also be shared between different device connections using Carrier Grade Network Address Translation (CGNAT). In all of the above cases, the public IP address, together with the service port, is the identifier of your connection towards any website or service on the Internet. Having a public IP address is an essential component of any Internet connection.
While most Internet traffic is legitimate and harmless, certain traffic is related to malicious activity such as the distribution of malware, cyber attacks, distributed denial of service (DDoS), sharing of copyrighted material and other illegal or dangerous activities. Such malicious activity may be initiated by a malicious individual or organisation, but in most cases the device participating in such activity may have become infected with malware without its owner’s knowledge. In the latter case the device’s owner is also a victim of such malicious activities, with possible repercussions on the security and privacy of their data.
Several organisations on the Internet maintain lists of IP addresses involved in such malicious activities. These so-called blacklists are then used by any other organisation wishing to protect its infrastructure or services from being accessed by such malicious IPs. The effect on connections with blacklisted IPs is that any device originating connections from these IPs is not able to send out emails to, or browse, any websites or services that apply blacklist filtering.
How can I avoid being blacklisted?
There are hundreds of blacklists on the Internet and they vary in the way they detect, list and delist IP addresses. However, certain basic principles will prevent your assigned IP addresses from being blacklisted, thus avoiding adverse impact on your connectivity and possibly your business:
Adopt basic cyber hygiene practices such as:
Depending on the type of organisation using the Internet connection, the following may be relevant especially for businesses:
Avoiding any malicious or illegal activities
What happens if I still get blacklisted?
Following the basic security steps indicated above will go a long way towards preventing most attacks from succeeding. However, there may still be instances where devices become infected and attackers use these devices for their own benefit. In most cases infected devices are joined to so-called botnets, which are collections of infected devices that the attackers control and use to launch attacks on their behalf.
It is important to note that GO does not add its own customers’ IPs to these public blacklists, nor does GO have access to remove IPs from such blacklists. Third-party blacklists will add or remove IPs based on observed activity on the Internet.
In such cases you may notice that you are blacklisted when you try to legitimately access a website and you are denied access, or when your mail server’s outgoing emails are rejected because the remote mail server will not trust your server. GO may also notify any customers when it detects they have become blacklisted so they can investigate and fix the root cause of such blacklisting actions.
At this point you would have to look into any devices that are using the blacklisted connection, possibly with the help of IT or cyber security professionals, to identify what caused the blacklisting in the first place and to mitigate any identified issues. This is extremely important for these reasons:
Most blacklists will automatically remove (delist) the IP address after a few days as long as the IP remains clean, i.e. with no further related malicious activity.
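One way to spot the rejected outgoing emails described above is to scan the mail server's delivery log for remote replies that cite a blacklist. The script below is an added example, not part of the original article or GO's tooling; the log layout, the phrases matched and the list names are assumptions, and the sample lines are constructed with documentation IP addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IPs, placeholder list names).
# Assumption: the MTA logs the remote server's SMTP reply after "said:".
SAMPLE_LOG = """\
Aug 17 09:12:01 mail mta[2101]: 4F1A2: to=<a@example.net>, relay=mx.example.net[198.51.100.7]:25, status=sent (250 2.0.0 OK)
Aug 17 09:12:05 mail mta[2102]: 4F1A3: to=<b@example.org>, relay=mx.example.org[198.51.100.9]:25, status=bounced (host mx.example.org[198.51.100.9] said: 554 5.7.1 Service unavailable; Client host [203.0.113.25] blocked using dnsbl.example.org)
Aug 17 09:13:40 mail mta[2103]: 4F1A4: to=<c@example.com>, relay=mx.example.com[198.51.100.11]:25, status=deferred (host mx.example.com[198.51.100.11] said: 451 4.7.1 Try again later)
Aug 17 09:15:02 mail mta[2104]: 4F1A5: to=<d@example.org>, relay=mx.example.org[198.51.100.9]:25, status=bounced (host mx.example.org[198.51.100.9] said: 550 5.7.1 Mail from 203.0.113.25 rejected, IP is listed on bl.example.net)
Aug 17 09:16:30 mail mta[2105]: 4F1A6: to=<e@example.com>, relay=mx.example.com[198.51.100.11]:25, status=bounced (host mx.example.com[198.51.100.11] said: 550 5.1.1 User unknown)
"""

# Remote SMTP reply: 4xx = temporary failure, 5xx = permanent rejection.
REPLY = re.compile(r"said: (?P<code>[45]\d\d) (?P<text>.*)\)\s*$")
# Phrases a remote server may use when citing a blacklist (assumed set).
LISTED = re.compile(
    r"(?:blocked using|listed (?:on|in|at)) (?P<list>[a-z0-9.-]+\.[a-z]{2,})", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_blacklist_rejections(log_text):
    """Return one dict per log line whose remote reply cites a blacklist."""
    hits = []
    for line in log_text.splitlines():
        reply = REPLY.search(line)
        if not reply:
            continue  # delivered, or no remote reply logged
        listed = LISTED.search(reply["text"])
        if not listed:
            continue  # rejected for another reason (unknown user, retry later)
        ip = IPV4.search(reply["text"])  # sending IP as quoted by the remote
        hits.append({"code": reply["code"],
                     "ip": ip.group(0) if ip else None,
                     "list": listed["list"].lower()})
    return hits


def summarize(hits):
    """Map each rejected sending IP to the sorted blacklists that cited it."""
    by_ip = defaultdict(set)
    for hit in hits:
        by_ip[hit["ip"]].add(hit["list"])
    return {ip: sorted(names) for ip, names in by_ip.items()}


if __name__ == "__main__":
    for ip, names in summarize(find_blacklist_rejections(SAMPLE_LOG)).items():
        print(f"{ip} rejected by remote servers citing: {', '.join(names)}")
```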
Creating a Safer Internet for Everyone
The Internet has become a critical tool for most individuals and businesses; it is difficult to imagine our lives without it today. We form part of a global community which is becoming increasingly dependent on digital technologies. But making safe use of the Internet also depends on the actions of the community as a whole. If everyone follows basic cyber security principles as described in this article, we should all be safer together.
By Kenneth Ciangura, CISSP, CISM
Information Security Manager at GO