Re: "except for IP addresses"
They *are* the ISP so presumably could have their routers configured to block incoming IP addresses to any customer that should not exist (such as their own internal range, "Martian packets", etc).
Yes, I know, that is a level of security sense that goes one step above the already-failed step of limiting IP addresses in the first place...