[64877] in North American Network Operators' Group
Re: Hijacked IP space
daemon@ATHENA.MIT.EDU (Stewart, William C (Bill), RTSLS)
Tue Nov 4 04:53:42 2003
Date: Tue, 4 Nov 2003 03:53:07 -0600
From: "Stewart, William C (Bill), RTSLS" <billstewart@att.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Chuck Goolsbee wrote that one of his clients was having problems
because miscreants have hijacked IP space that they own but
haven't actively used in a while.
While it's definitely worth submitting it to completewhois
and developing whatever paper trail it takes to give it back=20
to the registrars if they don't want to keep it,
another obvious stopgap would be to advertise the space,
including their /21 and any /24s they see route advertisements for.
Either point it to some spare PC with a web server handing out
"Forgers hijacked our address space" pages, or null route it.
Also check the reverse DNS listings, if there are any,
and have them advertise a pointer to a subdomain like
weve-been-hijacked.theirdomain.com with an appropriate web page.
