[17264] in North American Network Operators' Group


Re: ingress filtering

daemon@ATHENA.MIT.EDU (Brian Horvitz)
Thu May 28 14:30:42 1998

Date: Thu, 28 May 1998 13:51:37 -0400 (EDT)
From: Brian Horvitz <horvitz@shore.net>
To: "Mr. Dana Hudes" <dhudes@graphnet.com>
cc: nanog@merit.edu
In-Reply-To: <356D9EA5.FA0FB240@graphnet.com>

I have the luxury of being able to filter for source address at my ingress
points on only two routers.  That makes it relatively easy to do.  I find
a surprising number of packets with source addresses from inside my
network or from the private IP space.

  Brian

On Thu, 28 May 1998, Mr. Dana Hudes wrote:

> Who *does* do ingress filtering? I have it on our border routers
> and customer connect ports. We have transit from MCI and UUNET.
> Neither has ingress filters -- see below message from MCI on
> this.
> The result of course is that spammers and other bad guys can try
> to attack your systems with forged source IP addresses.
> Random strange people in the 'net send "NETBIOS name service"
> (port 137) packets to my unix mail relay, which of course ignores
> them.
> Other such fun things continue to be seen in the logs.
> 
> 
> Subject: Re: RFC1918 addresses from MCI
>    Date: Thu, 28 May 1998 08:16:23 -0700
>    From: security@mci.net
>       To: dhudes@graphnet.com
>      CC: security@mci.net
> 
> Mr. Hudes,
> 
> 
> Thank you for your note.  MCI does not currently source filter address
> space at its ingress points.  Addresses sourced from non-routable or
> invalid addresses are not blocked or filtered.  Addresses destined to
> non-routable address space are not routed.
> 
> If you think it is a security issue and it is on-going then please
> contact us with the target address so we can investigate.
> 
> 
> Regards,
> 
> 
> -Julian Min
> 
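
Added example, not part of the original thread: a Python sketch of the source-address check described above, run over packet records seen on an external-facing interface, counting sources that claim RFC 1918 space or the operator's own prefix. The record layout, the function names and the 198.51.100.0/24 "internal" prefix (a documentation range) are assumptions for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address space; never a valid source on an external link.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: documentation prefix standing in for the operator's own space.
INTERNAL = [ipaddress.ip_network("198.51.100.0/24")]

def classify_source(src, internal=INTERNAL):
    """Return why a packet received from outside should be dropped, or None."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if any(addr in net for net in internal):
        # Our own prefix arriving from outside can only be forged or misrouted.
        return "internal-spoof"
    return None

def audit(records, internal=INTERNAL):
    """records: (interface_role, src, dst, dport); only 'external' is checked."""
    hits = Counter()
    for role, src, _dst, _dport in records:
        if role != "external":
            continue
        reason = classify_source(src, internal)
        if reason:
            hits[reason] += 1
    return hits

# Constructed sample records, not taken from any real log.
SAMPLE = [
    ("external", "10.1.2.3",      "198.51.100.25", 137),
    ("external", "198.51.100.77", "198.51.100.25", 25),
    ("external", "203.0.113.9",   "198.51.100.25", 25),
    ("external", "172.31.255.1",  "198.51.100.10", 53),
    ("external", "172.32.0.1",    "198.51.100.10", 53),   # just outside 172.16/12
    ("internal", "198.51.100.77", "203.0.113.9",   80),   # legitimate egress
    ("external", "192.168.0.5",   "198.51.100.25", 137),
]

if __name__ == "__main__":
    for reason, count in sorted(audit(SAMPLE).items()):
        print(f"{reason}: {count}")
```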

