That can be sticky. A lot of places have thousands of users who all appear to the webserver as being at the same IP address. Even my own site has half a dozen, and it's just a SOHO setup.
You could use cookies, but of course, anyone attempting to assault you would also probably be impolite enough to strip out the cookies.
There are a number of
JSF captcha tags available right now, so displaying and filtering via captcha is easy. If you truly want to grab IP addresses, you could build a hashtable in the backing bean, add IPs as they come in, and set the "rendered" attribute on the captcha according to whether the entry is new or a repeat.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.