Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Seun Ojedeji seun.ojedeji at
Thu Nov 17 20:36:16 UTC 2016

Sent from my LG G4
Kindly excuse brevity and typos

On 17 Nov 2016 20:10, "Ronald F. Guilmette" <rfg at> wrote:
> In message <921851100.1628626.1479378352061 at>,
> fransossen at wrote:
> I wonder if anybody on this list is even aware of this report which I
> posted recently to the NANOG list:

SO: Your post would have been very useful/helpful(and perhaps more
appropriate) on the afnog list. Just incase you are not aware of it, below
is the url to the list:

> Does anybody in the whole of the AFRINIC region even give a damn that
> large quantities of unused AFRINIC IPv4 address space are being hijacked,
> as we speak, by American snowshoe spammers?
> And separately, why is it that when I try to obtain, from the AFRINIC
> WHOIS server, records relating to the relevant /16 blocks, none of those
> seem to have any information about the DATE on which these AFRINIC
> allocations were made, nor any CONTACT EMAIL ADDRESSES for the actual
> and legitimate /16 block registrants?
> Is all of this information being deliberately scrubbed from the AFRINIC
> WHOIS data base as a way of helping the criminals to avoid investigation?

SO: This is are useful questions that I wonder whether you have written to
AFRINIC support in the past and didn't get a reply from them.

> If AFRINIC could behave a little less stupidly and start to reclaim some
> of these blocks... many of which may not have even been used for the past
> 10+ years... and then give the blocks instead to entities that would
> use them, then this kind of problem would not even arise.

SO: Don't know what part of the world you are from but I think you can
still make your point without being abusive.

To the substance of your point, I want to assume the member assigned the
resources have not defaulted in their payments as that would have been the
first basis/trigger for recall of the resource. Other trigger is that which
relates to the change of purpose of getting the resource which isn't
monitored in real-time(that is unrealistic) but checked on subsequent
resource request by the member. So it's a whistle blower like yours that
could help follow-up and in that regard, it may be good for staff to have
some process for such. Could be through policy as is currently being
discussed or through an internally defined process.

> But I guess that the whole Cloud Innovation incident proves that I should
> not be expecting anything even remotely like "good stewardship" of limited
> IPv4 resources out of Afrinic.

SO: What incidence is referred to here? I think it's good to recall that
you are writing to a mailing list with hundreds of members and not to just
an individual. It will be good to have proper reference to your write-up so
we can follow your communication accordingly.

> P.S.  Note also that even unused/abandoned ASNs should be reclaimed (under
> any sensible policy) also.  Right now, all of this massive quantity of
> AFRINIC IPv4 space hijacking is taking place from AS6560 and AS37135
> and it seems pretty clear that both of those ASNs were themselves
> and are themselves being hijacked also.
SO: Again those are useful information which i wish you had written AFRINIC
about but it's better late than never.


> _______________________________________________
> RPD mailing list
> RPD at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list