Solved

Cisco Access List BlackList IPs

Posted on 2012-04-07
5
1,437 Views
Last Modified: 2012-04-10
I have a Cisco router 1921 and I'm trying to build an access list to prevent malicious IPs from accessing the network. where can i find a black list of IPs ? if they have wild card masks, it would be even better :)
0
Comment
Question by:Delmiroc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37821090
Well, blacklists are dynamic. Whatever you enter today might not be correct tomorrow. So personally I don't think it's a good idea to enter a static blacklist, you'll need to update that every day :-~ Furthermore, you normally set up a router or firewall to block all incoming traffic except return traffic to outgoing requests from inside hosts so everything (including 'malicous' IPs) should be blocked.
Most blacklists are email/spam related so those IPs won't try to access the network, they just spam your mailserver.

But perhaps I'm not getting the picture of what you are trying to do excactely, could you elaborate a bit?
0
 
LVL 1

Author Comment

by:Delmiroc
ID: 37821134
I guess I can do that .. for only established connections from inside out and allowed certain ones. I would git that a try, but are there any list from like known hackers, information stealers, or botnet ? I was looking for a list like that :)
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 250 total points
ID: 37826286
Check with your ISP, they may have an ACL that they maintain and can apply to your connection.  But sadly there are no well-maintained & freely available lists of bad IPS's that should be blocked.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 250 total points
ID: 37826562
Like eeRoot said: no well-maintained & freely available lists. Programs like websense have lists they maintain but these are more for blocking bad or malicious websites 'n stuff. So that is the other way round, it protects people from browsing to the wrong places (so simply put, for outgoing traffic not for incoming).
So indeed the best thing to do would be to anly allow established connections plus the few things you might need like email and try to make your router as stealth as possible (so ports are not only closed but don't reply at all to scans etc, all packets from scans for instance are just dropped).
0
 
LVL 1

Author Closing Comment

by:Delmiroc
ID: 37827208
ok sounds good, thanks guys, i will use the only allow established connections. I bet that would be better on router resources since it wont have to try to match so many entries on an access list.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question