[17264] in North American Network Operators' Group
Re: ingress filtering
daemon@ATHENA.MIT.EDU (Brian Horvitz)
Thu May 28 14:30:42 1998
Date: Thu, 28 May 1998 13:51:37 -0400 (EDT)
From: Brian Horvitz <horvitz@shore.net>
To: "Mr. Dana Hudes" <dhudes@graphnet.com>
cc: nanog@merit.edu
In-Reply-To: <356D9EA5.FA0FB240@graphnet.com>
I have the luxury of being able to filter for source address at my ingress
points on only two routers. That makes it relatively easy to do. I find
a surprising number of packets with source addresses from inside my
network or from the private IP space.
Brian
On Thu, 28 May 1998, Mr. Dana Hudes wrote:
> Who *does* do ingress filtering? I have it on our border routers
> and customer connect ports. We have transit from MCI and UUNET.
> Neither has ingress filters -- see below message from MCI on
> this.
> The result of course is that spammers and other bad guys can try
> to attack your systems with forged source IP addresses.
> Random strange people in the 'net send "NETBIOS name service"
> (port 137) packets to my unix mail relay, which of course ignores
> them.
> Other such fun things continue to be seen in the logs.
>
>
> Subject: Re: RFC1918 addresses from MCI
> Date: Thu, 28 May 1998 08:16:23 -0700
> From: security@mci.net
> To: dhudes@graphnet.com
> CC: security@mci.net
>
> Mr. Hudes,
>
>
> Thank you for your note. MCI does not currently source filter address
> space at its ingress points. Addresses sourced from non-routable or
> invalid addresses are not blocked or filtered. Addresses destined to
> non-routable address spaces are not routed.
>
> If you think it is a security issue and it is on-going then please
> contact us with the target address so we can investigate.
>
>
> Regards,
>
>
> -Julian Min
>