Hmm, "stealing" is usually when 2 computers on the same network subnet both try to be the same IP, perhaps by misconfiguration - though I've never seen it done intentionally.
There are ways to stop it, easiest probably using static ARPs if the switch/router supports it - which basically says that a certain MAC address (unique per NIC) has whatever IP address. Then if a different computer (and therefore a different MAC) decides to try and take the IP, the switch will ignore it.
If it's a plain old hub or switch that doesn't support it, then I guess anyone could decide they want to be a certain IP address. If they did, and it was a shared environment, I'd expect there'd be heavy penalties for doing so.
Having your own class C *might* help if this class C is only routed to your dedicated port or switch, since no one else could even be on the same subnet.
I think it all depends on the network architecture - so query the provider on what they can do to prevent it.
Static ARP is not necessarily the proper way, although it will work.
If you are a colo customer of your uplink and you simply have a switch from them, with one uplink port, you can have your provider set up VLANs on their routers, which will segregate the different IP networks and trunk them over one physical uplink connection.
The same applies if you have your own router, although you do your own management.
This is the ideal setup to prevent "IP stealing" among other customers.
The typical setup (although it sucks, but I've seen a lot of people doing it this way) is that the customer of the uplink gets one VLAN, and they just secondary the other IP networks on that VLAN. This does allow IP stealing, because anything in that common VLAN can use any of the other networks.
ip address 10.0.0.1 255.255.255.0
ip address 10.5.0.1 255.255.255.0 secondary
That is from the provider/uplink end.
Say there are two machines out there on the other end of this fast ethernet connection. The first block is for their internal servers, and the second is for your servers. Either machine could use any IP address within BOTH ranges (less any network, broadcast and gateway IPs).
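An added example, not part of either post: a small audit of (IP, MAC) pairs seen on the shared VLAN, flagging the duplicate-IP case from the first post and the cross-block use that the secondary-address setup permits. The two networks and gateways come from the config above; the customer names, the MAC-to-customer registration and the sample observations are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Networks and gateway addresses from the provider-side config in the post.
GATEWAYS = {"10.0.0.1", "10.5.0.1"}
# Assumption: which customer owns which block, and which MAC each registered.
BLOCKS = {"customer_a": ipaddress.ip_network("10.0.0.0/24"),
          "customer_b": ipaddress.ip_network("10.5.0.0/24")}
MAC_OWNER = {"00:00:5e:00:53:0a": "customer_a",
             "00:00:5e:00:53:0b": "customer_b"}

# Constructed sample of (ip, mac) pairs as observed in ARP traffic on the VLAN.
SAMPLE_ARP = [
    ("10.0.0.10", "00:00:5e:00:53:0a"),  # customer_a inside its own block
    ("10.5.0.20", "00:00:5e:00:53:0b"),  # customer_b inside its own block
    ("10.0.0.10", "00:00:5e:00:53:0b"),  # customer_b takes customer_a's IP
    ("10.5.0.1", "00:00:5e:00:53:0b"),   # a host claims the gateway address
]

def audit_arp(observations):
    """Return sorted (ip, mac, reason) findings for a list of (ip, mac) pairs."""
    findings = set()
    claimed = defaultdict(set)  # ip -> set of MACs that claimed it
    for ip_text, mac in observations:
        ip = ipaddress.ip_address(ip_text)
        mac = mac.lower()
        claimed[ip_text].add(mac)
        owner = MAC_OWNER.get(mac)
        if owner is None:
            findings.add((ip_text, mac, "unregistered MAC"))
            continue
        net = BLOCKS[owner]
        if ip not in net:
            # Possible only because both blocks share one VLAN.
            findings.add((ip_text, mac, "IP outside owner's block"))
        elif ip in (net.network_address, net.broadcast_address) or ip_text in GATEWAYS:
            findings.add((ip_text, mac, "reserved address claimed"))
    for ip_text, macs in claimed.items():
        if len(macs) > 1:  # the classic conflict: two NICs, one IP
            for mac in macs:
                findings.add((ip_text, mac, "IP claimed by multiple MACs"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_arp(SAMPLE_ARP):
        print(finding)
```

With one VLAN per network, the "IP outside owner's block" case cannot reach the other customer's subnet at layer 2 in the first place, so the audit is only needed for the shared-VLAN layout.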