ingress filtering

Mr. Dana Hudes dhudes at
Thu May 28 17:28:05 UTC 1998

Who *does* do ingress filtering? I have it on our border routers
and customer connect ports. We have transit from MCI and UUNET.
Neither has ingress filters -- see below message from MCI on
The result of course is that spammers and other bad guys can try
to attack your systems with forged source IP addresses.
Random strange people in the 'net send "NETBIOS name service"
(port 137) packets to my unix mail relay, which of course ignores
Other such fun things continue to be seen in the logs.

Subject: Re: RFC1918 addresses from MCI
   Date: Thu, 28 May 1998 08:16:23 -0700
   From: security at
      To: dhudes at
     CC: security at

Mr. Hudes,

Thank you for your note.  MCI does not currently source filter
space at it's ingress points.  Addresses sourced from
non-routable or
invalid addresses are not blocked or filtered.  Addresses
destined to
non-routable addresses spaced are not routed.

If you think it is a security issue and it is on-going then
contact us with the target address so we can investigate.


-Julian Min

More information about the NANOG mailing list