[Community-Discuss] [afnog] Updates on the misappropriation of IPv4 resources

Noah noah at neo.co.tz
Wed Dec 23 18:27:49 UTC 2020


Since I wear many hats, allow me to respond to you inline.

On Wed, Dec 23, 2020 at 4:10 PM Emem William <dwizard65 at gmail.com> wrote:


> Also why is Seacom still routing stolen AFRINIC IP?


A lot of stolen or misappropriated IPv4 number resources are being routed
every day by ISPs and transit providers globally. The reasons vary:
misinformation, hijacks, misappropriated IPv4 addresses. All this is
perfectly recorded on the RIR database. Until recently, Ronald started
shedding light on the fact that a huge amount of AFRINIC IPv4 space, both
legacy and non-legacy, has been fraudulently obtained, while others were
misappropriated and perfectly recorded in the whois database.

I am assuming that you are not a network engineer and, as such, you are
ignorant of how the internet works, and to enlighten you, SEACOM is the largest
transit provider in AFRICA and does run prefix/ASN checks before prefixes
from downstream customers are announced. These checks involve AFRINIC whois
database checks and even LoA letter requests.

So to answer your question, this is a ticket worth logging and
chasing... but meanwhile... to continue enlightening you...

> As you have rightfully pointed out https://bgp.he.net/AS26754#_graph4 ,
> they seem to be the only upstream provider that still routes Afrinic’s
> stolen IP.


Actually, those prefixes on the link above are being originated by
ITC AS26754 and announced by two different upstream providers. The question
then is, is AS26754 authorised to announce those prefixes and, if so, are
the records on the AFRINIC whois database? If the answer is yes, then the
ISP is correct to route them after checking all those route objects to
confirm compliance etc.

Remember there was a case months ago where one AFRINIC member, Cloud
Innovation Ltd, sub-allocated AFRINIC based IPv4 addresses to a customer in
Hong Kong, who then sub-allocated to another customer in Manila, Philippines,
who then hijacked the SEACOM ASN in order to announce the Cloud Innovation Ltd
prefix from the Philippines in Manila. Crazy, right? Well, the issue was
immediately fixed and the outcome is in the archives of this mailing list.

Rest assured, if those prefixes are stolen and are being originated by
ITC, then the AFRINIC team should take this up and I have copied Ashil from
the communications team herein to pass this case to the Audit Committee as
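
The prefix/ASN check against whois route objects described in the message above, as an added example that is not part of the original post and is not SEACOM's or AFRINIC's tooling. The route objects, ASNs and function names are constructed for illustration; in practice the objects would be fetched from the AFRINIC whois database, and only IPv4 "route" objects are handled here.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes and reserved ASNs,
# not real whois records).
SAMPLE_WHOIS = """\
route:   192.0.2.0/24
origin:  AS64500
mnt-by:  EXAMPLE-MNT

route:   203.0.113.0/24
origin:  AS64501
mnt-by:  EXAMPLE2-MNT
"""

def parse_route_objects(text):
    """Return a list of (network, origin_asn) pairs from RPSL route objects."""
    routes = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"])
            routes.append((net, attrs["origin"].upper()))
    return routes

def check_announcement(prefix, origin, routes):
    """Classify a customer announcement against the registered route objects."""
    net = ipaddress.ip_network(prefix)
    origin = origin.upper()
    # Route objects whose prefix equals or covers the announced prefix.
    covering = [(r, o) for r, o in routes
                if r.version == net.version and net.subnet_of(r)]
    if not covering:
        return "no-route-object"      # nothing registered: ask for records/LoA
    if any(r == net and o == origin for r, o in covering):
        return "authorised"           # exact prefix and origin are registered
    if any(o == origin for r, o in covering):
        return "more-specific"        # right origin, longer than registered
    return "origin-mismatch"          # registered to a different origin AS

if __name__ == "__main__":
    routes = parse_route_objects(SAMPLE_WHOIS)
    for pfx, asn in [("192.0.2.0/24", "AS64500"), ("192.0.2.0/24", "AS64511"),
                     ("192.0.2.128/25", "AS64500"), ("198.51.100.0/24", "AS64500")]:
        print(pfx, asn, check_announcement(pfx, asn, routes))
```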
