Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Andrew Alston Andrew.Alston at
Thu Nov 17 20:48:04 UTC 2016

There is a further problem with this report.

There is an assumption that AfriNIC can actually do anything about this – or even force whois database updates on most of it.

So, lets take a very close look at what we are dealing with here:

Firstly, as has been the rule for many years – legacy space is not bound by AfriNIC policy, it cannot be reclaimed, the whois policies cannot be enforced on it, they can use it anywhere and technically they can transfer or sell it to anyone.  At the moment there are no policies covering this space.

Now, if I am reading the delegation database correctly and AfriNIC can correct me if I am wrong, all of the following are legacy space:

152.108 – legacy space
155.159 - legacy space
155.235 - legacy space
155.237 - legacy space
160.115 – legacy space
160.116 – legacy space
160.122 – legacy space
163.197 – legacy space
163.198 – legacy space
164.155 – legacy space
165.25 – legacy space
168.76 – legacy space
168.80 – legacy space
196.9 – legacy space – legacy space

That leaves the other two blocks.

If memory serves me correctly – almost all of this space is legacy as well – it’s a block that I could be wrong, but I think was transferred to AfriNIC out from under the uninet project because it was incredibly fragmented and only the unused parts of it were actually non-legacy space for further allocation.  The remaining space in this block is actually spread out over 11 countries and I am still not sure if its classified as legacy (and hence not bound by anything AfriNIC can enforce) I THINK is also legacy space – again, open to confirmation, but based on org code and other information in the database it certainly looks that way.

So basically – someone has chosen to hijack a hell of a lot of space by that the RIR who may host it – actually has no control over because policy is not binding on legacy holders.  The owners of the space have to fix the problem.

Furthermore, as an ISP that has dealt with IP space hijacking of our own active space within the last year – and who has had the long and hard fight to get it dealt with, and taken that fight up directly myself – I will say categorically that AfriNIC has absolutely no role in the fight – the fight had to be had with the upstreams directly by the holders of the space – it was a time consuming, painful process, but we won out in the end.  But realistically, what was AfriNIC supposed to do about it?  


On 17/11/2016, 23:24, "sm+afrinic at" <sm+afrinic at> wrote:

    Hi Ronald,
    At 11:08 17-11-2016, Ronald F. Guilmette wrote:
    >I wonder if anybody on this list is even aware of this report which I
    >posted recently to the NANOG list:
    I read the report.
    >Does anybody in the whole of the AFRINIC region even give a damn that
    >large quantities of unused AFRINIC IPv4 address space are being hijacked,
    >as we speak, by American snowshoe spammers?
    I did a quick verification.  Most of the IPv4 address space listed in 
    the report is allocated to organizations in one country in this 
    region.  I don't understand why it is being described as a problem 
    for the entire region.
    There is a webpage about spam at
    S. Moonesamy 
    RPD mailing list
    RPD at

More information about the RPD mailing list