Shane commented:

#What a great method for finding networks that are poorly monitored and
#maintained! Simply check ARIN's Whois database until you find networks
#with POC that are marked as invalid!
#
#I hope that RIPE does not adopt this address-hijacking-friendly
#technique. :(

If I were a person inclined toward hijacking netblocks, I think I'd likely use data from Routeviews (or a similar routing table analysis project) to identify IP address ranges that consistently are absent from the global routing table.

You could certainly use whois database queries in an effort to verify or validate potential target IP address ranges, but I don't really see stale data flags in whois as materially worsening the existing problem of abusers scavenging apparently unused (or underused) network resources.

After all, if a bad guy or bad gal sees a "juicy" likely-"abandoned" /16 or whatever, it really isn't that hard for them to try emailing the points of contact, or to try calling the listed phone POCs, etc.

If the goal is to seriously deter address hijacking, I think we need to talk about things like RPKI (folks who may be interested may want to see Bush and Austein's NANOG RPKI Tutorial from June 2011, http://www.nanog.org/meetings/nanog52/abstracts.php?pt=MTc3MyZuYW5vZzUy&nm=nanog52 or for those who find URL shorteners more convenient, try http://tinyurl.com/rpki-tutorial for that same page).

Or, if you're skeptical of RPKI, encourage your friends to carefully monitor their space and how it's being announced.

But I digress :-;

Regards,

Joe