Security Basics mailing list archives

RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?


From: "Jacob" <jacob () excaliburfilms com>
Date: Wed, 9 Nov 2005 11:13:05 -0800

Here is a snippet of what I have on my routers.  XXX.XXX.XXX.0 is your
network. (In my case, a /24)

access-list 199 deny   ip 10.0.0.0 0.255.255.255 any
access-list 199 deny   ip 172.16.0.0 0.15.255.255 any
access-list 199 deny   ip 192.168.0.0 0.0.255.255 any
access-list 199 deny   ip 127.0.0.0 0.255.255.255 any
access-list 199 deny   ip 224.0.0.0 31.255.255.255 any
access-list 199 deny   ip host 255.255.255.255 any
access-list 199 deny   ip host 0.0.0.0 any
access-list 199 deny   ip xxx.xxx.xxx.0 0.0.0.255 any
access-list 199 deny   tcp any any range 135 139
access-list 199 deny   udp any any range 135 netbios-ss
access-list 199 deny   tcp any any eq 445
access-list 199 deny   udp any any eq 445

Then, you want to allow only traffic that is legit, for example:

access-list 199 permit tcp any any eq www

Ending with a deny all. (or leave as is.  Deny all is always added at the
end.)
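An added illustration, not part of Jacob's reply or of any Cisco tooling: the Python script below parses the subset of IOS access-list syntax used in the snippet above and evaluates a few constructed packets against it, so the effect of the wildcard masks, the port ranges and the implicit deny at the end can be checked offline. It assumes the `xxx.xxx.xxx.0` placeholder stands for the documentation prefix 203.0.113.0/24, and every sample address and port below is constructed for the example.

```python
"""Evaluate a Cisco-style extended ACL against sample packets.

Added example for this mailing-list archive page; it is not code from the
original post. It handles only the syntax the post uses: 'ip'/'tcp'/'udp',
'any', 'host X', 'NET WILDCARD', and optional 'eq P' / 'range A B' ports.
"""
import ipaddress

# Named ports that appear in the ACL (standard IOS names).
PORT_NAMES = {"www": 80, "netbios-ss": 139}

# The ACL from the post. Assumption: xxx.xxx.xxx.0 is replaced by the
# documentation prefix 203.0.113.0/24 standing in for "your network".
ACL_TEXT = """
access-list 199 deny   ip 10.0.0.0 0.255.255.255 any
access-list 199 deny   ip 172.16.0.0 0.15.255.255 any
access-list 199 deny   ip 192.168.0.0 0.0.255.255 any
access-list 199 deny   ip 127.0.0.0 0.255.255.255 any
access-list 199 deny   ip 224.0.0.0 31.255.255.255 any
access-list 199 deny   ip host 255.255.255.255 any
access-list 199 deny   ip host 0.0.0.0 any
access-list 199 deny   ip 203.0.113.0 0.0.0.255 any
access-list 199 deny   tcp any any range 135 139
access-list 199 deny   udp any any range 135 netbios-ss
access-list 199 deny   tcp any any eq 445
access-list 199 deny   udp any any eq 445
access-list 199 permit tcp any any eq www
"""


def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)


def _parse_addr(tokens, i):
    """Parse one address spec at tokens[i]; return ((network, wildcard), next_i)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (net, wildcard), i + 2


def _parse_ports(tokens, i):
    """Parse an optional 'eq P' or 'range A B' at tokens[i]; return ((lo, hi) or None, next_i)."""
    if i >= len(tokens):
        return None, i
    if tokens[i] == "eq":
        p = _port(tokens[i + 1])
        return (p, p), i + 2
    if tokens[i] == "range":
        return (_port(tokens[i + 1]), _port(tokens[i + 2])), i + 3
    return None, i


def parse_acl(text):
    """Turn access-list lines into an ordered list of entry dicts."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        action, proto = tokens[2], tokens[3]
        src, i = _parse_addr(tokens, 4)
        sport, i = _parse_ports(tokens, i)
        dst, i = _parse_addr(tokens, i)
        dport, i = _parse_ports(tokens, i)
        entries.append({"action": action, "proto": proto, "src": src,
                        "sport": sport, "dst": dst, "dport": dport})
    return entries


def _addr_match(spec, ip):
    # A wildcard bit of 1 means "don't care"; compare only the 0 bits.
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (ip & care) == (net & care)


def _port_match(rng, port):
    return rng is None or (port is not None and rng[0] <= port <= rng[1])


def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return (action, index) of the first matching entry.

    Falls through to ("deny", None): the implicit deny every IOS ACL ends with.
    """
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for idx, e in enumerate(acl):
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not (_addr_match(e["src"], s) and _addr_match(e["dst"], d)):
            continue
        if e["proto"] != "ip" and not (_port_match(e["sport"], sport)
                                       and _port_match(e["dport"], dport)):
            continue
        return e["action"], idx
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    # Constructed inbound packets (sample values, not captured traffic).
    samples = [
        ("tcp", "198.51.100.7", "203.0.113.10", 40000, 80),   # web: permitted
        ("tcp", "10.1.2.3", "203.0.113.10", 40000, 80),       # private source
        ("tcp", "203.0.113.5", "203.0.113.10", 40000, 80),    # our own prefix from outside
        ("tcp", "198.51.100.7", "203.0.113.10", 40000, 445),  # SMB
        ("tcp", "198.51.100.7", "203.0.113.10", 40000, 22),   # nothing permits it
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(acl, *pkt))
```

The evaluator stops at the first matching entry, which is why order matters: the anti-spoofing denies sit before the single `permit tcp ... eq www`, and anything that matches nothing at all (SSH on port 22 in the sample run) is dropped by the implicit deny at the end.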

-----Original Message-----
From: Pigeon [mailto:fredit () charter net] 
Sent: Tuesday, November 08, 2005 9:27 PM
To: security-basics () securityfocus com
Subject: CISCO ACLs.. Are there lists already out there to protect me from
trojans and known bad sites?

I just got my first cisco router in (well for home use :) ).. and I want to 
lock my network down.. Are there any default ACL lists that will block:
A) known bad IPs
B) trojan ports
C) protection against spoofing (aka denying private IP source port incoming in the WAN port)

I know I will have to modify whatever I have.. but a general list would be 
great!

thanks! 
