Anonymous sites inbound blocking

Status
Not open for further replies.

ferraf

IS-IT--Management
Jun 28, 2003
US
My goal is to block from a large list of IPs, about 15,000. This is a lot for Raptor (I think), or a Cisco router. I built a list of 15,000 anonymous public proxy servers and want to stop these drone sites from connecting to my network.

Has anyone addressed this type of large scale of IPs? What solutions can address this type of issue? Has anyone tried to block this many sites using Raptor? I'm running the latest NT version on a medium-sized multiprocessor server.

Any suggestions would be appreciated.
 
Simple Answer - Don't try it!

This is an application layer proxy! It is designed to filter information on a much higher level than a router. If this is a lot for a Cisco router, then imagine how many it would be for a system that is not specifically designed to perform those tasks!

My suggestion - Get a bigger Cisco router that can handle that sort of list to filter through before it hits the firewall.

Hope this helps!

-M
 
I would start at the Cisco router with an inbound access list that has deny all all for IP and ICMP at the bottom. The access-list permit statements should mirror your allow rules within SEF. Having the router pass only those protocols that actively pass on your DMZ greatly reduces security risks.
Also, denying ping and traceroutes at the router will also drastically cut down on the number of probes your system encounters.

I have a list of 450 Spammer subnets that are denied access to SMTP within SEF, but I'm blocking specifically for SMTP traffic.
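
Added example, not part of the thread or any poster's configuration: one way to shrink a large blocklist before it reaches the router is to merge adjacent and duplicate addresses into CIDR blocks, then emit an inbound extended ACL with the denies first, the permit rules next, and the explicit deny lines at the bottom. The ACL number, the permit rule, the function names and every address below are constructed placeholders.

```python
import ipaddress

def collapse_blocklist(lines):
    """Parse one IPv4 address or CIDR per line ('#' starts a comment) and
    merge the entries into the smallest set of covering networks.
    Returns (networks, rejected_entries)."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # Strict parsing: a CIDR with host bits set is rejected, so a
            # typo cannot silently widen the blocked range.
            nets.append(ipaddress.IPv4Network(entry))
        except ValueError:
            rejected.append(entry)
    return list(ipaddress.collapse_addresses(nets)), rejected

def acl_source(net):
    """Render a network as the source term of an IOS extended ACL entry."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # wildcard mask form

def build_acl(acl_id, blocklist, permits):
    """Blocklist denies, then the permit rules, then explicit deny lines."""
    nets, _ = collapse_blocklist(blocklist)
    out = [f"access-list {acl_id} deny ip {acl_source(n)} any" for n in nets]
    out += [f"access-list {acl_id} {rule}" for rule in permits]
    out += [f"access-list {acl_id} deny icmp any any",
            f"access-list {acl_id} deny ip any any"]
    return out

# Constructed sample input (documentation address ranges, not real proxies).
SAMPLE = ["192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",
          "198.51.100.7", "198.51.100.7  # duplicate entry",
          "203.0.113.128/25", "203.0.113.0/25", "not-an-ip"]
# Hypothetical permit rule standing in for the firewall's allow rules.
PERMITS = ["permit tcp any host 10.1.1.25 eq 25"]

if __name__ == "__main__":
    networks, bad = collapse_blocklist(SAMPLE)
    print(f"{len(SAMPLE)} entries -> {len(networks)} ACL denies, "
          f"{len(bad)} rejected")
    print("\n".join(build_acl(101, SAMPLE, PERMITS)))
```

How far a real list collapses depends on how clustered its addresses are; scattered single hosts stay as one entry each.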
 