Who *does* do ingress filtering? I have it on our border routers and customer connect ports. We have transit from MCI and UUNET. Neither has ingress filters -- see below message from MCI on this. The result of course is that spammers and other bad guys can try to attack your systems with forged source IP addresses. Random strange people in the 'net send "NETBIOS name service" (port 137) packets to my unix mail relay, which of course ignores them. Other such fun things continue to be seen in the logs. Subject: Re: RFC1918 addresses from MCI Date: Thu, 28 May 1998 08:16:23 -0700 From: security@mci.net To: dhudes@graphnet.com CC: security@mci.net Mr. Hudes, Thank you for your note. MCI does not currently source filter address space at it's ingress points. Addresses sourced from non-routable or invalid addresses are not blocked or filtered. Addresses destined to non-routable addresses spaced are not routed. If you think it is a security issue and it is on-going then please contact us with the target address so we can investigate. Regards, -Julian Min