Search RPD Archives
[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers
geier at geier.ne.tz
Fri Nov 18 04:08:08 UTC 2016
On 11/17/2016 10:08 PM, Ronald F. Guilmette wrote:
> I wonder if anybody on this list is even aware of this report which I
> posted recently to the NANOG list:
I read it.
I'm not the upstream AS.
> Does anybody in the whole of the AFRINIC region even give a damn that
> large quantities of unused AFRINIC IPv4 address space are being hijacked,
> as we speak, by American snowshoe spammers?
Hmmm. Source of the problem?
> And separately, why is it that when I try to obtain, from the AFRINIC
> WHOIS server, records relating to the relevant /16 blocks, none of those
> seem to have any information about the DATE on which these AFRINIC
> allocations were made,
Nick answered that on October 29th.
You'll have to read to the end.
here an example of the first block you listed:
$ whois -h whois.afrinic.net -- -B 220.127.116.11/16
% This is the AfriNIC Whois server.
% Information related to '18.104.22.168 - 22.214.171.124'
% No abuse contact registered for 126.96.36.199 - 188.8.131.52
inetnum: 184.108.40.206 - 220.127.116.11
descr: P.O. Box 72501
descr: Parkview 2122
status: ASSIGNED PI
changed: hostmaster at arin.net 19920615
changed: hostmaster at arin.net 20020821
changed: hostmaster at afrinic.net 20050221
we're talking 1992 !
> nor any CONTACT EMAIL ADDRESSES for the actual
> and legitimate /16 block registrants?
using the same syntax i saw security <at> transtel.co.za
> Is all of this information being deliberately scrubbed from the AFRINIC
> WHOIS data base as a way of helping the criminals to avoid investigation?
No. it is not deliberately scrubbed. It is not scrubbed at all.
More information about the RPD