Cisco Access List BlackList IPs

I have a Cisco router 1921 and I'm trying to build an access list to prevent malicious IPs from accessing the network. where can i find a black list of IPs ? if they have wild card masks, it would be even better :)
LVL 1
DelmirocAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ernie BeekExpertCommented:
Well, blacklists are dynamic. Whatever you enter today might not be correct tomorrow. So personally I don't think it's a good idea to enter a static blacklist, you'll need to update that every day :-~ Furthermore, you normally set up a router or firewall to block all incoming traffic except return traffic to outgoing requests from inside hosts so everything (including 'malicous' IPs) should be blocked.
Most blacklists are email/spam related so those IPs won't try to access the network, they just spam your mailserver.

But perhaps I'm not getting the picture of what you are trying to do excactely, could you elaborate a bit?
DelmirocAuthor Commented:
I guess I can do that .. for only established connections from inside out and allowed certain ones. I would git that a try, but are there any list from like known hackers, information stealers, or botnet ? I was looking for a list like that :)
eeRootCommented:
Check with your ISP, they may have an ACL that they maintain and can apply to your connection.  But sadly there are no well-maintained & freely available lists of bad IPS's that should be blocked.
Ernie BeekExpertCommented:
Like eeRoot said: no well-maintained & freely available lists. Programs like websense have lists they maintain but these are more for blocking bad or malicious websites 'n stuff. So that is the other way round, it protects people from browsing to the wrong places (so simply put, for outgoing traffic not for incoming).
So indeed the best thing to do would be to anly allow established connections plus the few things you might need like email and try to make your router as stealth as possible (so ports are not only closed but don't reply at all to scans etc, all packets from scans for instance are just dropped).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DelmirocAuthor Commented:
ok sounds good, thanks guys, i will use the only allow established connections. I bet that would be better on router resources since it wont have to try to match so many entries on an access list.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.