IP filtering can be very useful, but more often than not it handles ports, or letting only a single server/node with a specific static IP address to access a service, or only your intranet (devices that are connected to your local, non-public net), or... IP bans for public websites, especially if the IPs under question belong to public leased ranges, are generally pointless and usually harm lawful users. IP addresses are not set, and can be very easily changed to almost any currently available number. Even if you don't knowingly IP-hop, your IP address will most likely not stay for very long, since your address doesn't typically "belong" to you - it's leased; static IP addresses are something you pay your net provider extra, and you generally don't want one unless you have a server to host. (By default, whenever you connect to wifi after being disconnected for a bit - or when the old IP address expires -, your computer will go "Hey, DHCP, I need an IP address to talk to the net!". And the DHCP will give you a random currently free one.) And it's leased from a company - some range of IP addresses will be clients of a net provider, another to an university, etc. Oh, and a single IP address can mean [i]thousands[/i] of simultaneous devices (due to different NATs). In the end, banning a non-static IP will mean that whoever currently has the IP will not be able to access - and with larger leasers, it just about might be that you might have made half a million people play a roulette of who gets the bad one. Which is not particularly effective by any stretch of the imagination. And if you get an unit with one static public IP for everyone, you now have punished a hundred, thousand, ... people at once. So ... yeah. It might be worth banning the static IP of a particularly troublesome server for a set amount of time (surprise-surprise, a server might decide to hop IPs, too, especially if too many places have banned them, and then the IP goes back into the pool). The IP leased to some random home PC? Never worth banning. Ehh... Sure, we could follow the bots' IP addresses for a bit, see whether they map back to a server pretending to be many people, or some subset with a common public IP, but if it is paid "human bots", or infected computers, or anything of the sort, that'll lead nowhere.