Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1494
  • Last Modified:

Cisco Access List BlackList IPs

I have a Cisco router 1921 and I'm trying to build an access list to prevent malicious IPs from accessing the network. where can i find a black list of IPs ? if they have wild card masks, it would be even better :)
0
Delmiroc
Asked:
Delmiroc
  • 2
  • 2
2 Solutions
 
Ernie BeekExpertCommented:
Well, blacklists are dynamic. Whatever you enter today might not be correct tomorrow. So personally I don't think it's a good idea to enter a static blacklist, you'll need to update that every day :-~ Furthermore, you normally set up a router or firewall to block all incoming traffic except return traffic to outgoing requests from inside hosts so everything (including 'malicous' IPs) should be blocked.
Most blacklists are email/spam related so those IPs won't try to access the network, they just spam your mailserver.

But perhaps I'm not getting the picture of what you are trying to do excactely, could you elaborate a bit?
0
 
DelmirocAuthor Commented:
I guess I can do that .. for only established connections from inside out and allowed certain ones. I would git that a try, but are there any list from like known hackers, information stealers, or botnet ? I was looking for a list like that :)
0
 
eeRootCommented:
Check with your ISP, they may have an ACL that they maintain and can apply to your connection.  But sadly there are no well-maintained & freely available lists of bad IPS's that should be blocked.
0
 
Ernie BeekExpertCommented:
Like eeRoot said: no well-maintained & freely available lists. Programs like websense have lists they maintain but these are more for blocking bad or malicious websites 'n stuff. So that is the other way round, it protects people from browsing to the wrong places (so simply put, for outgoing traffic not for incoming).
So indeed the best thing to do would be to anly allow established connections plus the few things you might need like email and try to make your router as stealth as possible (so ports are not only closed but don't reply at all to scans etc, all packets from scans for instance are just dropped).
0
 
DelmirocAuthor Commented:
ok sounds good, thanks guys, i will use the only allow established connections. I bet that would be better on router resources since it wont have to try to match so many entries on an access list.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now