On 13 Apr 2003 15:11 UTC, David Temkin <temkin@sig.com> wrote: | Maybe they should do everyone a favor and return the hijacked blocks | to ARIN.... I mean hell, does anyone really think that they have | 6 /16's worth of machines directly accessible via the 'net? Maybe so indeed. We've been asked to help clear up the mess, and to my mind it's far more important to limit the damage to the rest of the net from the hard-to-trace abuse and the other evils that were the reason why the blocks were hijacked in the first place, than to deal with the consequential admin issues. But those issues *will* be addressed. So that's why we first gave you all an update on what was happening, while I try to reach the security teams at the networks that are still allowing the bogus announcements to go out. Sprint responded quickly, and thanks to those of you here who mailed me better contact details, I was able to reach Telia who filtered their announcements promptly. Some networks however are proving rather more difficult to "reach"! Once we've shut the abuse down, we'll be sure to brief Aker Kvaerner's management on all the issues involved and, from what I've seen so far, I'm completely satisfied that they will then "do the right thing". | Obviously if they have been hijacked and the admins had the time | to post here about it, it's not the end of the world for them... Aker Kvaerner were until last week unaware that the company they had acquired had ever had any allocations from ARIN. We've been asked to clear up the mess, and to that extent only we are the "admins". When one of the hijackers lost their connection, and was immediately able to get a new connection from another provider, we realised just how important it was to ensure that network operators were generally made aware of what was going on: firstly so that they didn't inadvertently allow anyone else to announce anything in those netblocks, and also so that any network could, if they wished, could keep traffic from those netblocks off their systems. At our request ARIN have now deleted all contact handles from those blocks, so that further identity-spoofing should be more difficult. -- Richard Cox Mandarin Technology Ltd, Penarth, UK