Currently I work with Greenhost, which is a RIPE LIR that was recently the recipient of a malicious route advertisement, as described here: https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/ IP address hijacking is a real problem. How often does it happen? Which networks are being spoofed, and which networks are the victims? My sense is that we don't have solid up-to-date answers to these questions. I have some thoughts about how to detect successful IP hijacking, using empirical measurements taken from multiple network vantagepoints. I'll hold off on details for now, but I'm aware that the answer is *not* simple analysis of AS paths or traceroute output, both of which are increasingly spoofed. It seems like the RIPE Atlas probe network would be an ideal platform for this type of study. Does such a study already exist? How does one begin to propose a RIPE Atlas project? Regards, Anatole Shaw