RE: CISCO ACLs.. Are there lists already out there to protect me from tr

Subject: RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?
Date: Wed, 9 Nov 2005 11:13:05 -0800
Here is a snippet of what I have on my routers.  XXX.XXX.XXX.0 is your
network. (In my case, a /24)

access-list 199 deny   ip 10.0.0.0 0.255.255.255 any
access-list 199 deny   ip 172.16.0.0 0.15.255.255 any
access-list 199 deny   ip 192.168.0.0 0.0.255.255 any
access-list 199 deny   ip 127.0.0.0 0.255.255.255 any
access-list 199 deny   ip 224.0.0.0 31.255.255.255 any
access-list 199 deny   ip host 255.255.255.255 any
access-list 199 deny   ip host 0.0.0.0 any
access-list 199 deny   ip xxx.xxx.xxx.0 0.0.0.255 any
access-list 199 deny   tcp any any range 135 139
access-list 199 deny   udp any any range 135 netbios-ss
access-list 199 deny   tcp any any eq 445
access-list 199 deny   udp any any eq 445

Then, you want to allow only traffic that is legit, for example:

access-list 199 permit tcp any any eq www

Ending with a deny all. (Or leave as is.  Deny all is always added at the
end.)

-----Original Message-----
From: Pigeon [mailto:fredit@charter.net] 
Sent: Tuesday, November 08, 2005 9:27 PM
To: security-basics@securityfocus.com
Subject: CISCO ACLs.. Are there lists already out there to protect me from
trojans and known bad sites?

I just got my first cisco router in (well for home use :) ).. and I want to 
lock my network down.. Are there any default ACL lists that will block:
A) known bad IPs
B) trojan ports
C) protection against spoofing (aka denying private IP source port incoming in the WAN port)

I know I will have to modify whatever I have.. but a general list would be 
great!

thanks! 
