Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Access List BlackList IPs

Posted on 2012-04-07
5
Medium Priority
?
1,455 Views
Last Modified: 2012-04-10
I have a Cisco router 1921 and I'm trying to build an access list to prevent malicious IPs from accessing the network. where can i find a black list of IPs ? if they have wild card masks, it would be even better :)
0
Comment
Question by:Delmiroc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37821090
Well, blacklists are dynamic. Whatever you enter today might not be correct tomorrow. So personally I don't think it's a good idea to enter a static blacklist, you'll need to update that every day :-~ Furthermore, you normally set up a router or firewall to block all incoming traffic except return traffic to outgoing requests from inside hosts so everything (including 'malicous' IPs) should be blocked.
Most blacklists are email/spam related so those IPs won't try to access the network, they just spam your mailserver.

But perhaps I'm not getting the picture of what you are trying to do excactely, could you elaborate a bit?
0
 
LVL 1

Author Comment

by:Delmiroc
ID: 37821134
I guess I can do that .. for only established connections from inside out and allowed certain ones. I would git that a try, but are there any list from like known hackers, information stealers, or botnet ? I was looking for a list like that :)
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 750 total points
ID: 37826286
Check with your ISP, they may have an ACL that they maintain and can apply to your connection.  But sadly there are no well-maintained & freely available lists of bad IPS's that should be blocked.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 750 total points
ID: 37826562
Like eeRoot said: no well-maintained & freely available lists. Programs like websense have lists they maintain but these are more for blocking bad or malicious websites 'n stuff. So that is the other way round, it protects people from browsing to the wrong places (so simply put, for outgoing traffic not for incoming).
So indeed the best thing to do would be to anly allow established connections plus the few things you might need like email and try to make your router as stealth as possible (so ports are not only closed but don't reply at all to scans etc, all packets from scans for instance are just dropped).
0
 
LVL 1

Author Closing Comment

by:Delmiroc
ID: 37827208
ok sounds good, thanks guys, i will use the only allow established connections. I bet that would be better on router resources since it wont have to try to match so many entries on an access list.
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question