For anyone who's interested, the following access list will sercure a perimeter router in accordance with the SANS institute.

The access list is to be applied to the interface facing the the ISP and applied as an inbound filter.

For those interested here is the SANS institute link

http://www.sans.org/infosecFAQ/firewall/router.htm

access-list 101 deny tcp any any eq ftp-data

access-list 101 deny tcp any any eq ftp

access-list 101 deny tcp any any eq 22

access-list 101 deny tcp any any eq smtp

access-list 101 deny tcp any any eq telnet

access-list 101 deny tcp any any eq 37

access-list 101 deny udp any any eq time

access-list 101 deny tcp any any eq domain

access-list 101 deny udp any any eq domain

access-list 101 deny udp any any eq bootps

access-list 101 deny udp any any eq bootpc

access-list 101 deny tcp any any eq finger

access-list 101 deny tcp any any eq www

access-list 101 deny tcp any any eq pop2

access-list 101 deny tcp any any eq pop3

access-list 101 deny tcp any any eq ident

access-list 101 deny tcp any any eq nntp

access-list 101 deny udp any any eq ntp

access-list 101 deny tcp any any eq 135

access-list 101 deny udp any any eq 135

access-list 101 deny udp any any eq netbios-ns

access-list 101 deny udp any any eq netbios-dgm

access-list 101 deny udp any any eq netbios-ss

access-list 101 deny tcp any any eq 139

access-list 101 deny tcp any any eq 143

access-list 101 deny tcp any any eq 161

access-list 101 deny udp any any eq snmp

access-list 101 deny tcp any any eq 162

access-list 101 deny udp any any eq snmptrap

access-list 101 deny tcp any any eq 443

access-list 101 deny udp any any eq 443

access-list 101 deny tcp any any eq 445

access-list 101 deny udp any any eq 445

access-list 101 deny icmp any any timestamp-request

access-list 101 permit ip any any