I'm wondering...If someone has a dynamic IP address, and he is blocked from a website based on his IP address, couldn't he just disconnect from the internet, and sign back on (automaticly getting a new IP address, since he has a dynamic IP address) and be able to bypass the firewall's IP block?
That is true, but it all depends on how his ISP assigns addresses. With some ISPs depending on the size of their public IP allocation, it may be possible that when he reconnects he may have the same IP unless he's been signed off for a while.
That's true especially with dialup connections, but if someone is using an adsl connection with a dynamic ip he may have the same IP for about 3 days... The bad thing is that the new person that gets the blocked ip will not be able to browse to that webpage....
heh Berzerker, at home, I've had the same IP address for more than a month -my subscription has also expired some weeks now, but that's an other story
As Dalight said, it's a matter of the ISP's allocation policy.
Bans based on IP address serve only to make understandable to the user that he has done something wrong. Obviously it is easy to bypass that kind of blocking -there are numerous ways to be blocked based on other, more efficient identification criteria, but in the end there are only so much that one can do to and from a point after, it just doesn't worth the trouble: if the user is stuborn, wants to play it smart, has time to kill or whatever, he'll get through anyway.
It is also easy to block subcribers of a specific ISP, or of a specific department of an ISP, regardless of whether the IP addresses assigned are consistent, based on their reverse DNS which is usually consistent.
With a combination of the above you can give someone a hard time accessing the web page, but there is nothing of these information that can not be changed by the user, so in the end you may end up wasting resources from your server and from all your wanted users, or risking compatibility, just to delay one or two unwanted users that eventually will bypass all the checks