
Access List (ACL) to Block Russian and Chinese Nets From Routers

s.odom
Level 1

I see people asking if there are premade ACLs to block Chinese and Russian nets from their edge routers. Since I spent so much time creating entries for them based on information received from http://www.ipdeny.com/ipblocks/ I decided to share them. They are in the attached Word Docs.

There are a lot of entries but since it is in a standard ACL it should not tax your routers too greatly.

Sean Odom

Sybex/Wiley Cisco Author

3 Replies

srue
Level 7

Inline IPS appliances are also good for this sort of thing, especially since they already inspect every packet.

Well, I'd rather not tax the IPS even further for something that the edge router should be capable of taking care of. Especially since the source of the traffic should be denied at the closest managed point.

If you do not want this traffic coming inbound, closest for some would be the edge router. Others may only have their firewall as the closest manageable point.

Suggestion to those that do not manage their edge router would be to compile a list such as the one listed above. Then send it to your provider requesting they place it on this router. Of course this may become a double-edged sword in a sense. If there is legit traffic from one of these source IP addresses that you identify down the road, it might be a hassle to get the block resolved.

Or, you can also apply these right there on your firewall as well.

Thank you for providing this list!

Andrea Florio
Level 1

Thanks. I'm going through the document, but I can't understand why you don't summarize. :)
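On the summarization point raised in the thread, here is an added example (not part of any post above, and not the attached lists) that merges adjacent and overlapping prefixes from a one-CIDR-per-line block list before rendering standard ACL entries with wildcard masks. The sample prefixes are constructed documentation ranges, and the ACL number 10 and the trailing `permit any` are assumptions.

```python
import ipaddress

# Constructed sample in a one-CIDR-per-line layout (assumed input format);
# documentation/test ranges, not real country allocations.
SAMPLE_ZONE = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.0/26
203.0.113.64/26
203.0.113.128/25
192.0.2.16/28
192.0.2.16/30
"""

def parse_zone(text):
    """Return IPv4 networks from zone text, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def summarize(nets):
    """Merge adjacent and overlapping prefixes into the fewest covering blocks."""
    return list(ipaddress.collapse_addresses(nets))

def standard_acl(nets, acl_number=10):
    """Render a numbered standard ACL (source match only) with wildcard masks."""
    lines = []
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f"access-list {acl_number} deny host {net.network_address}")
        else:
            lines.append(f"access-list {acl_number} deny {net.network_address} {net.hostmask}")
    # A standard ACL ends with an implicit deny, so permit the rest explicitly.
    lines.append(f"access-list {acl_number} permit any")
    return lines

if __name__ == "__main__":
    raw = parse_zone(SAMPLE_ZONE)
    merged = summarize(raw)
    print(f"{len(raw)} prefixes -> {len(merged)} after summarization")
    print("\n".join(standard_acl(merged)))
```

Fewer entries shorten the sequential match a standard ACL performs on each packet, and regenerating from the source list keeps the ACL current as allocations change.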
