If you want to block IPs then block them at the webserver level rather than as the page is served.
Even if you block a specific IP address rather than a range you're potentially blocking "legit sources", though obviously you're more likely to blog legit traffic if you're blocking a range.
Your assumption that two people sharing the first three octets of their IP address are the same (to 1 in a million) is highly flawed -- most people's IP addresses come from their ISP, company, university etc, and many will be coming through a proxy server -- blocking even a single IP is potentialy going to hit "innocent" users.
minor edit on method