Security Basics mailing list archives

RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?


From: "Christopher Carpenter" <ccarpenter () dswa net>
Date: Wed, 9 Nov 2005 12:29:17 -0700

Look at it the other way.  You want to DENY ALL, then ALLOW SOME.  Block
all ports and IPs, and then grant access to the ones you need.

If you ALLOW ALL, DENY SOME you will end up fighting a losing battle
creating ACL after ACL.

Make sense?

C

-----Original Message-----
From: Pigeon [mailto:fredit () charter net] 
Sent: Tuesday, November 08, 2005 10:27 PM
To: security-basics () securityfocus com
Subject: CISCO ACLs.. Are there lists already out there to protect me
from trojans and known bad sites?

I just got my first Cisco router in (well for home use :) ).. and I want
to lock my network down.. Are there any default ACL lists that will block:
A) known bad IPs
B) trojan ports
C) protection against spoofing (aka denying private IP source port
incoming in the WAN port)

I know I will have to modify whatever I have.. but a general list would
be great!

thanks! 
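
The reply's "DENY ALL, then ALLOW SOME" advice, combined with item C (anti-spoofing) from the question, sketched as a Cisco IOS extended ACL applied inbound on the WAN interface. This is an added example, not part of either message; the ACL name WAN-IN, the interface FastEthernet0/0 and the choice of permitted traffic are assumptions for a home router.

```cisco
! Added example. WAN-IN and FastEthernet0/0 are assumed names; adjust to the device.
ip access-list extended WAN-IN
 remark anti-spoofing: private and loopback sources never arrive from the Internet
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 remark allow some: return traffic for connections started from inside
 permit tcp any any established
 permit udp any eq domain any
 remark allow some: ICMP needed for ping replies, traceroute and path MTU discovery
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 remark deny all: the implicit deny written out so that drops are logged
 deny ip any any log
!
interface FastEthernet0/0
 description WAN (assumed interface)
 ip access-group WAN-IN in
```

The ACL is stateless: `established` only checks the TCP ACK/RST flags and the UDP line trusts any packet with source port 53, so a stateful inspection feature is still the stronger control. If the WAN address is assigned by DHCP, a permit for the ISP's DHCP replies has to precede the private-range denies.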

