cisco 2620 upgrade IOS and access-list

[linuxbox]

Hello. We have a cisco 2620 router with an ATM interface that we service dsl customers with. I think we need to do an upgrade for the IOS but I have no clue where to find the correct IOS we need for what we are doing. I'd like to know where to find the correct IOS on cisco's site and whatnot. I'm not sure if there is a list of IOS versions on their site that would show me what I am needing or perhaps someone here would know.
I logged into cisco's site with the basic account but i can't do anything that will show me what i'm needing. i can't see paying anything just to find out what i need...that is silly. i do think my IOS is outdated though.

here is my sh ver info from my router:

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-DS-M), Version 12.2(4)T7, RELEASE SOFTWARE (fc1)
TAC Support:

http://www.cisco.com/tac

Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 26-Jul-03 01:51 by pwade
Image text-base: 0x80008088, data-base: 0x81413C7C

ROM: System Bootstrap, Version 12.2(10r)1, RELEASE SOFTWARE (fc1)

Cisco2620 uptime is 13 weeks, 3 days, 9 hours, 20 minutes
System returned to ROM by power-on
System image file is "flash:c2600-ds-mz.122-4.T7.bin"

cisco 2620 (MPC860) processor (revision 0x600) with 58368K/7168K bytes of memory.
Processor board ID JAD06010C28 (1745870344)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
4 ATM network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)

I haven't updated our access-list in a year or so also and was wondering if someone could point out specific ports I should be blocking.
currently here are the entries on my access-list 101 in:

deny 53 any any
deny 55 any any
deny 77 any any
deny pim any any
deny ip 192.168.0.0 0.0.255.255 any log (4 matches)
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log (6709 matches)
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 255.0.0.0 0.255.255.255 any log
deny ip 224.0.0.0 7.255.255.255 any log
deny ip host 0.0.0.0 any log (1584 matches)
deny tcp any any eq 3306 log (38511 matches)
deny tcp any any eq ident log (1789 matches)
deny tcp any any eq 11 log (4 matches)
deny udp any any eq 11 log
deny tcp any any eq daytime log (7 matches)
deny udp any any eq 13 log
deny tcp any any eq 17 log (21 matches)
deny udp any any eq 17 log
deny tcp any any eq 18 log (21 matches)
deny udp any any eq 18 log
deny tcp any any eq chargen log (9 matches)
deny udp any any eq 19 log
deny tcp any any eq 69 log (7 matches)
deny udp any any eq tftp log
deny tcp any any eq 12345 log (7732 matches)
deny udp any any eq 12345 log (7 matches)
deny tcp any any eq 27374 log (172 matches)
deny udp any any eq 27374 log (1 match)
deny tcp any any eq 31337 log (1261 matches)
deny udp any any eq 31337 log (12 matches)
deny tcp any any eq 31338 log (45 matches)
deny udp any any eq 31338 log (10 matches)
deny tcp any any eq 65000 log (461 matches)
deny udp any any eq 65000 log (51935 matches)
deny tcp any any eq 5 log (6 matches)
deny udp any any eq 5 log
deny tcp any any eq discard log (11 matches)
deny udp any any eq discard log
deny tcp any any eq 445 log-input (1719658 matches)
deny udp any any eq 445 log-input
deny tcp any any range 135 139 log-input (1088382 matches)
deny udp any any range 135 netbios-ss log-input (1290701 matches)
deny tcp any any eq telnet (2115 matches)
deny icmp any any echo (1651224 matches)
deny icmp any any echo-reply (19 matches)
deny icmp any any log-input fragments (2 matches)
deny icmp any any (6164216 matches)
permit tcp any any established (717274896 matches)
permit ip any any (165236960 matches)

 

[GM2005]

ds-mz = IP/IPX/AT Plus
The latest near match is:

S26BP-12228 Cisco 2600 Series IOS IP/IPX/AT/DEC PLUS