Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Dorothy K. Gordon director-general at
Thu Nov 17 19:06:05 UTC 2016

Could someone at Afrinic please respond rapidly to this message?


----- Original Message -----
From: "Ronald F. Guilmette" <rfg at>
To: "AfriNIC List" <rpd at>
Sent: Thursday, 17 November, 2016 7:08:47 PM
Subject: [rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

In message <921851100.1628626.1479378352061 at>, 
fransossen at wrote:

>1) Any audit should be performed to ensure that a resource holder: 
> A) that the resource holder exist/still exist. 
>  If the initial set of information was fraudulent, there is no fix, as the
>initially provided docuemtna were false, no fix possible.
>  If the company name is incorrect, it can be fixed if it is out of date
>registrations, undeclared company take over or name change.
>  If the company does not exist anymore and with no legal successor,
>resource must be returned to the AFRINIC.

I wonder if anybody on this list is even aware of this report which I
posted recently to the NANOG list:

Does anybody in the whole of the AFRINIC region even give a damn that
large quantities of unused AFRINIC IPv4 address space are being hijacked,
as we speak, by American snowshoe spammers?

And separately, why is it that when I try to obtain, from the AFRINIC
WHOIS server, records relating to the relevant /16 blocks, none of those
seem to have any information about the DATE on which these AFRINIC
allocations were made, nor any CONTACT EMAIL ADDRESSES for the actual
and legitimate /16 block registrants?

Is all of this information being deliberately scrubbed from the AFRINIC
WHOIS data base as a way of helping the criminals to avoid investigation?


P.S.  This post is relevant to the post made by fransossen at because
all of the many /16 blocks that are affected by this mass IP space hijacking
appear to be older and "abandoned" blocks.  The bad guys saw that these blocks
were not being used, and so they helped themselves to all this "free" IPv4

If AFRINIC could behave a little less stupidly and start to reclaim some
of these blocks... many of which may not have even been used for the past
10+ years... and then give the blocks instead to entities that would actually
use them, then this kind of problem would not even arise.

But I guess that the whole Cloud Innovation incident proves that I should
not be expecting anything even remotely like "good stewardship" of limited
IPv4 resources out of Afrinic.

P.S.  Note also that even unused/abandoned ASNs should be reclaimed (under
any sensible policy) also.  Right now, all of this massive quantity of
AFRINIC IPv4 space hijacking is taking place from AS6560 and AS37135
and it seems pretty clear that both of those ASNs were themselves abandoned
and are themselves being hijacked also.

RPD mailing list
RPD at

More information about the RPD mailing list