RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?

From: Jacob (jacob_at_excaliburfilms.com)
Date: 11/09/05

  • Next message: Christopher Carpenter: "RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?"
    To: <security-basics@securityfocus.com>
    Date: Wed, 9 Nov 2005 11:13:05 -0800
    
    

    Here is a snippet of what I have on my routers. XXX.XXX.XXX.0 is your
    network. (In my case, a /24)

    access-list 199 deny ip 10.0.0.0 0.255.255.255 any
    access-list 199 deny ip 172.16.0.0 0.15.255.255 any
    access-list 199 deny ip 192.168.0.0 0.0.255.255 any
    access-list 199 deny ip 127.0.0.0 0.255.255.255 any
    access-list 199 deny ip 224.0.0.0 31.255.255.255 any
    access-list 199 deny ip host 255.255.255.255 any
    access-list 199 deny ip host 0.0.0.0 any
    access-list 199 deny ip xxx.xxx.xxx.0 0.0.0.255 any
    access-list 199 deny tcp any any range 135 139
    access-list 199 deny udp any any range 135 netbios-ss
    access-list 199 deny tcp any any eq 445
    access-list 199 deny udp any any eq 445

    Then, you want to allow only traffic that is legit, for example:

    access-list 199 permit tcp any any eq www

    Ending with a deny all. (Or leave it as is. A deny all is always added at the
    end.)

    -----Original Message-----
    From: Pigeon [mailto:fredit@charter.net]
    Sent: Tuesday, November 08, 2005 9:27 PM
    To: security-basics@securityfocus.com
    Subject: CISCO ACLs.. Are there lists already out there to protect me from
    trojans and known bad sites?

    I just got my first cisco router in (well for home use :) ).. and I want to
    lock my network down.. Are there any default ACL lists that will block:
    A) known bad IPs
    B) trojan ports
    C) protection against spoofing (aka denying private IP source port incoming
    on the WAN port)

    I know I will have to modify whatever I have.. but a general list would be
    great!

    thanks!


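Added example, not code from the post or from Cisco: a small first-match evaluator for the numbered IOS extended ACL Jacob gives above, so you can see what the list does to a given packet before putting it on the WAN interface. It assumes 203.0.113.0/24 as a stand-in for the redacted xxx.xxx.xxx.0 prefix, supports only the address forms (`any`, `host`, address plus wildcard) and port operators (`eq`, `range`) that the posted list uses, and feeds constructed sample packets through the list. The last two samples show the implicit deny at work: the single `permit tcp any any eq www` only admits connections *to* port 80, so an inbound reply from an outside web server (source port 80) or a DNS answer is dropped, which is why a list like this applied inbound on the WAN interface needs `established` or reflexive entries for return traffic.

```python
"""Evaluate a Cisco IOS numbered extended ACL the way the router does:
first matching line wins, and anything unmatched hits the implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# IOS port keywords that appear in the posted list, plus a few common ones.
PORT_NAMES = {"www": 80, "domain": 53, "smtp": 25, "ftp": 21,
              "netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}


@dataclass
class Rule:
    text: str
    action: str                          # "permit" or "deny"
    proto: str                           # "ip", "tcp" or "udp"
    src: Tuple[int, int]                 # (base address, wildcard mask) as ints
    dst: Tuple[int, int]
    sport: Optional[Tuple[int, int]]     # inclusive port range, or None
    dport: Optional[Tuple[int, int]]


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _port(tok: str) -> int:
    return PORT_NAMES.get(tok) or int(tok)


def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]


def _ports(tok):
    """Consume an optional 'eq P' | 'range A B'; return (range or None, rest)."""
    if tok and tok[0] == "eq":
        p = _port(tok[1])
        return (p, p), tok[2:]
    if tok and tok[0] == "range":
        return (_port(tok[1]), _port(tok[2])), tok[3:]
    return None, tok


def parse_acl(config: str):
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        src, rest = _addr(tok[4:])
        sport, rest = _ports(rest)       # source-port operator, if any
        dst, rest = _addr(rest)
        dport, rest = _ports(rest)
        if rest:                         # e.g. 'established', 'log': not modelled
            raise ValueError(f"unsupported keyword(s) {rest} in: {line}")
        rules.append(Rule(line.strip(), action, proto, src, dst, sport, dport))
    return rules


def _in_wild(addr: int, spec: Tuple[int, int]) -> bool:
    base, wild = spec
    keep = ~wild & 0xFFFFFFFF            # wildcard 1-bits are "don't care"
    return addr & keep == base & keep


def _in_range(port: int, rng) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def evaluate(rules, proto, src, dst, sport=0, dport=0):
    """Return (action, text of the matching line) for one packet."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if not (_in_wild(s, r.src) and _in_wild(d, r.dst)):
            continue
        if not (_in_range(sport, r.sport) and _in_range(dport, r.dport)):
            continue
        return r.action, r.text
    return "deny", "implicit deny at end of list"


# The list from the post; 203.0.113.0/24 stands in for xxx.xxx.xxx.0 (assumption).
ACL_199 = """
access-list 199 deny ip 10.0.0.0 0.255.255.255 any
access-list 199 deny ip 172.16.0.0 0.15.255.255 any
access-list 199 deny ip 192.168.0.0 0.0.255.255 any
access-list 199 deny ip 127.0.0.0 0.255.255.255 any
access-list 199 deny ip 224.0.0.0 31.255.255.255 any
access-list 199 deny ip host 255.255.255.255 any
access-list 199 deny ip host 0.0.0.0 any
access-list 199 deny ip 203.0.113.0 0.0.0.255 any
access-list 199 deny tcp any any range 135 139
access-list 199 deny udp any any range 135 netbios-ss
access-list 199 deny tcp any any eq 445
access-list 199 deny udp any any eq 445
access-list 199 permit tcp any any eq www
"""
RULES = parse_acl(ACL_199)

# Constructed sample packets, as seen inbound on the WAN interface.
SAMPLES = [
    ("tcp", "10.1.2.3", "203.0.113.10", 40000, 80),      # RFC 1918 source: spoofed
    ("tcp", "203.0.113.5", "203.0.113.10", 40000, 80),   # our own prefix as source
    ("tcp", "198.51.100.7", "203.0.113.10", 40000, 445), # SMB from the Internet
    ("udp", "198.51.100.7", "203.0.113.10", 40000, 138), # NetBIOS datagram service
    ("tcp", "198.51.100.7", "203.0.113.10", 40000, 80),  # connection to our web server
    ("tcp", "198.51.100.80", "203.0.113.10", 80, 40000), # reply from an outside web server
    ("udp", "198.51.100.53", "203.0.113.10", 53, 40000), # DNS answer for our resolver
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        action, why = evaluate(RULES, *pkt)
        print(f"{pkt[0]:3} {pkt[1]:>14}:{pkt[3]:<5} -> {pkt[2]}:{pkt[4]:<5} {action:6} ({why})")
```

Run it as-is to print one line per sample; the first five packets are decided by an explicit line and the last two by the implicit deny. To check a list of your own, paste it into `ACL_199` and add your own sample packets; the parser deliberately rejects keywords it does not model rather than silently ignoring them.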