[Community-Discuss] [afnog] Updates on the misappropriation of IPv4 resources

[Ronald F. Guilmette]

In message <CABPhykP9CpAn9H7Ssh4b_M9Ex80Q1JdUUOuK8x5LGJMM07sNAg at mail.gmail.com>
Emem William <dwizard65 at gmail.com> wrote:


>In your comprehensive routing data, I noticed that the following name

>stands out quite often, PEG Tech Inc. It seems like they are providing a

>lot of route to those ranges. I am wondering if you have done any research

>about them?


I have, but only a limited amount.  I believe that is a California (US)
based company, and that its Chief Executive Officer, as per California
state corporation records, is a person named Wei Zhang.


>Also why is Seacom still routing stolen AFRINIC IP?


I cannot provide any answer.  This question is best directed to SEACOM.


>As you have rightfully

>pointed out https://bgp.he.net/AS26754#_graph4 , they seem to be the only

>upstream provider that still routes Afrinic=E2=80=99s stolen IP.


NOT SO!  You seem to have grossely misinterpreted what I posted.

There are *numerous* different ASN that are routing various parts of
what I consider to be either (a) provably stolen AFRINIC legacy IPv4
space that AFRINIC has not yet acted to return to its rightful owners
or else (b) IPv4 space that *was* stolen, but which AFRINIC *has*
returned to its rightful owners (but which some unrelated network owners
are still illicitly squatting on anyway) or (c) IPv4 address space that
has been reclaimed into the free pool by AFRINIC, and which are thus
now "bogons", but which some network operators are still routing anyway.

In the specific case illustrated by the link I posted:

   https://bgp.he.net/AS2675

the IPv4 address blocks in question were parts of various IPv4 blocks
that have already been reclaimed into the free pool by AFRINIC.  And in
this case, even the AS number, AS2675, has also been reclaimed into the
ASN free pool by AFRINIC.  (So *nobody* should even be using that ASN
-at all- on the public internet.)

The problem here is that AS2675, which is now a "bogon" ASN, *is* still
being used to announce routes to multiple IPv4 address blocks which are
themselves now "bogons".  This is apparently only possible because *two*
other ASNs are providing correctivity to the bogon ASN, AS2675, as shown
on the page linked to above.  These two other ASNs are:

    AS328616 Spidd Africa Ltd
    AS37100  SEACOM Limited

Neither of these two should be peering with the bogon AS2675 -at all-.

SEACOM, you already know about.  That is a big provider in Africa that
ought to know better.  The other one, AS328616 Spidd Africa Ltd is a
bit mysterious, but is apparently headquartered in Uganda, and it also
is receiving connectivity from two other ASNs as shown here:

    https://bgp.he.net/AS328616

The two ASNs that are providing connectivity to Spidd Africa... which I
believe is strongly linked to Ernest... are as follows:

    AS328015  Sombha Solutions Store Limited
    AS37100  SEACOM Limited

Both of these appear to be essentially legitimate companies... and SEACOM
surely is... but I do have to question why either of them should be
providing connectivity to AS328616 Spidd Africa Ltd., which I believe
to be a small-time operation which is most probably the property of good
friends of Ernest in Uganda.

I could provide even some more interesting information here about these
various networking connections in Uganda, but I'll leave that for another
time.


Regards,
rfg