RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?

From: Christopher Carpenter (ccarpenter_at_dswa.net)
Date: 11/09/05

    Date: Wed, 9 Nov 2005 12:29:17 -0700
    To: "Pigeon" <fredit@charter.net>, <security-basics@securityfocus.com>
    
    

    Look at it the other way. You want to DENY ALL, then ALLOW SOME. Block
    all ports and IPs, and then grant access to the ones you need.

    If you ALLOW ALL, DENY SOME you will end up fighting a losing battle
    creating ACL after ACL.

    Make sense?

    C

    -----Original Message-----
    From: Pigeon [mailto:fredit@charter.net]
    Sent: Tuesday, November 08, 2005 10:27 PM
    To: security-basics@securityfocus.com
    Subject: CISCO ACLs.. Are there lists already out there to protect me
    from trojans and known bad sites?

    I just got my first Cisco router in (well, for home use :) ).. and I want
    to lock my network down.. Are there any default ACL lists that will block:
    A) known bad IPs
    B) trojan ports
    C) protection against spoofing (aka denying private IP source port
    incoming in the WAN port)

    I know I will have to modify whatever I have.. but a general list would
    be great!

    thanks!


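The deny-all-then-allow-some approach from the reply, applied to the three items in the original question, as an added IOS configuration example that is not from either poster. It assumes the WAN interface is FastEthernet0/0, the LAN is 192.168.1.0/24 behind NAT, and the only inbound service wanted is SSH to the router from the placeholder management host 203.0.113.10; the 198.51.100.0/24 "known-bad" range is a placeholder, not a real blocklist.

```cisco
! Added example, not from the thread. Default-deny inbound filter for a home IOS router.
! Assumptions: WAN interface FastEthernet0/0, LAN 192.168.1.0/24 behind NAT, one inbound
! service (SSH to the router) from the placeholder management host 203.0.113.10.

ip access-list extended WAN-IN
 remark (A) known-bad ranges go here; 198.51.100.0/24 is a placeholder, not a real blocklist
 deny   ip 198.51.100.0 0.0.0.255 any log
 remark (C) anti-spoofing: these sources can never legitimately arrive from the Internet
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 224.0.0.0 31.255.255.255 any log
 remark return traffic for TCP sessions the LAN opened (works even without ip inspect)
 permit tcp any any established
 remark ICMP replies needed for path MTU discovery and troubleshooting
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 remark (B) no per-trojan-port rules: every port not listed is already denied below
 remark the one inbound service actually needed
 permit tcp host 203.0.113.10 any eq 22
 remark explicit final deny so drops are logged (the implicit deny does not log)
 deny   ip any any log

! CBAC: inspect sessions leaving via the WAN and open only their return path dynamically,
! which is what lets the ACL above stay at deny-all for UDP (DNS, NTP) replies.
ip inspect name LAN-OUT tcp
ip inspect name LAN-OUT udp

interface FastEthernet0/0
 description WAN (assumed interface name)
 ip access-group WAN-IN in
 ip inspect LAN-OUT out
```

The `log` keywords make the denied hits show up in `show logging`, which is how you find out which inbound services you still need to allow rather than guessing in advance.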