On Sun, 11 May 2003 22:26:46 -0700 (PDT), william@elan.net wrote: | In any case, this calls for active blocking of this /16 from anybody | who does not want to provide services to spammers and ip hijackers. | As for XO and Internap, (I'm sure somebody is here from these | companies) - take notice and get rid of this customer!!! Since clearing up the "Trafalgar House" hijacks, several people have written me pointing out an even larger number of probably-hijacked blocks that they think should be investigated. I've researched what I can, and drawn the attention of ARIN, and the relevant upstreams, to BGP announcements that research suggests may be inappropriate. What I have avoided doing is reporting all the gory details here, except where there was some specific relevance in doing so. I have, as promised, set up the mailing list - hijacked@numbering.com for reports and evaluation of likely incidents of IP block hijacking, and if the outcome of any evaluation is that hijacking is confirmed, the details can be sent to the upstreams and ARIN for consideration. I would hope that ARIN and the major networks will want to join that list and follow the discussions there anyway. That list is now open; initial requests have been added manually, and anyone else who wishes to join will need to send the usual incantation to majordomo@numbering.com and then respond to the email challenge. To avoid misunderstanding can I say very clearly that the "hijacked" list will not be discussing any aspect of ARIN's (or indeed any other registries') procedure or policies: such matters are more appropriate to the individual policy fora of each registry/community. At Matthew Sullivan's kind suggestion, a DNS-BL of confirmed hijacked IP blocks is now live and available as a separate specific zone within the SORBS project; details at http://www.dnsbl.sorbs.net Networks can therefore prevent abuse from hijacked netblocks by using SORBS' DNSBL. Richard Cox