<p>Network administrators often blacklist certain websites in their network based on organizational policy. This is usually setup by creating firewall rules that denies traffic to those sites. Occasionally, this is done by taking only the domain name into consideration, without referencing the corresponding ip address. This can be a security flaw, because it could mean that a user could still access a restricted resource and bypass the firewall rule through the ip address. For example, if an organization has restricted employees from using Facebook during working hours, and the network administrator has only denied traffic to <a href="http://facebook.com" class="autolinkedURL autolinkedURL-url" target="_blank">facebook.com</a>, and employee could attempt to access Facebook through one of its ip address, which is 157.240.1.35 </p>


Network administrators often blacklist certain websites in their network based on organizational policy. This is usually setup by creating firewall rules that denies traffic to those sites. Occasionally, this is done by taking only the domain name into consideration, without referencing the corresponding ip address. This can be a security flaw, because it could mean that a user could still access a restricted resource and bypass the firewall rule through the ip address. For example, if an organization has restricted employees from using Facebook during working hours, and the network administrator has only denied traffic to facebook.com, and employee could attempt to access Facebook through one of its ip address, which is 157.240.1.35 

Evading firewalls basics: using an ip address rather than a domain name