Hello, I just joined this group today so wasn't part of the earlier discussion, but saw the mention of leakage in to 1.0.0.0/8 earlier. I thought I'd bring up a particular issue I've seen in the past involving the address 1.0.0.0 . The issue is that the DLink DSL-502T router as shipped in large numbers by Xtra has a flaw in the DNS resolver. If a DNS request for an AAAA record is sent to the router, I've observed it sending back a malformed response packed. This would only be a minor irritation, except that it seems to corrupt the DNS cache such that subsequent requests for A records return the address 1.0.0.0 . I have observed this occurring at two different premises, both with this same router and both having received it as part of Xtra subscription packages. The issue was reported through the standard service desk, but I was unsure of where else it could be reported to. Of course, even if fixed it is unlikely that many shipped units would be updated. Just thought I'd let people know that we have a possibly significant national source of this traffic. While probably fairly low in volume at the moment, it would be entirely possible for example that an update to Windows could trigger a sudden increase. Cheers, Tim