I don't think filters are a problem for third party routing as long as the third party routing is not done in secret. If I am sending you third party routes for someone, and you know it because I tell you I am and you agree to let me, then you can open your filters to the source port for those routes. Third party routes that are being done without the knowledge of the traffic target are a bad thing and shouldn't be done anyway... -Dorn
It's not that hard to write a script that temporarily points a static route for an unregistered address at each of the machines at a meet point. By tracerouting to that address you can detect if someone is pointing default at you.
The script does not have to be a very CPU intensive operation, and if it is run once a day, it ought to provide a fairly good clue as to whether or not someone is abusing your network.
I would like to stay away from port filtering except as a last resort. I think that there are far too many unforeseen problems and complications in debugging. And for better or worse it would require the removal of all third party routing which I would guess is pretty common at the Mae's.
Scott Blandford IBM Global Network