Cisco Access List BlackList IPs

I have a Cisco router 1921 and I'm trying to build an access list to prevent malicious IPs from accessing the network. where can i find a black list of IPs ? if they have wild card masks, it would be even better :)
LVL 1
DelmirocAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Ernie BeekConnect With a Mentor ExpertCommented:
Like eeRoot said: no well-maintained & freely available lists. Programs like websense have lists they maintain but these are more for blocking bad or malicious websites 'n stuff. So that is the other way round, it protects people from browsing to the wrong places (so simply put, for outgoing traffic not for incoming).
So indeed the best thing to do would be to anly allow established connections plus the few things you might need like email and try to make your router as stealth as possible (so ports are not only closed but don't reply at all to scans etc, all packets from scans for instance are just dropped).
0
 
Ernie BeekExpertCommented:
Well, blacklists are dynamic. Whatever you enter today might not be correct tomorrow. So personally I don't think it's a good idea to enter a static blacklist, you'll need to update that every day :-~ Furthermore, you normally set up a router or firewall to block all incoming traffic except return traffic to outgoing requests from inside hosts so everything (including 'malicous' IPs) should be blocked.
Most blacklists are email/spam related so those IPs won't try to access the network, they just spam your mailserver.

But perhaps I'm not getting the picture of what you are trying to do excactely, could you elaborate a bit?
0
 
DelmirocAuthor Commented:
I guess I can do that .. for only established connections from inside out and allowed certain ones. I would git that a try, but are there any list from like known hackers, information stealers, or botnet ? I was looking for a list like that :)
0
 
eeRootConnect With a Mentor Commented:
Check with your ISP, they may have an ACL that they maintain and can apply to your connection.  But sadly there are no well-maintained & freely available lists of bad IPS's that should be blocked.
0
 
DelmirocAuthor Commented:
ok sounds good, thanks guys, i will use the only allow established connections. I bet that would be better on router resources since it wont have to try to match so many entries on an access list.
0
All Courses

From novice to tech pro — start learning today.