Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Frank Habicht geier at
Fri Nov 18 04:08:08 UTC 2016

Hi Ronald,

On 11/17/2016 10:08 PM, Ronald F. Guilmette wrote:
> I wonder if anybody on this list is even aware of this report which I
> posted recently to the NANOG list:

I read it.
I'm not the upstream AS.

> Does anybody in the whole of the AFRINIC region even give a damn that
> large quantities of unused AFRINIC IPv4 address space are being hijacked,
> as we speak, by American snowshoe spammers?

Hmmm. Source of the problem?

> And separately, why is it that when I try to obtain, from the AFRINIC
> WHOIS server, records relating to the relevant /16 blocks, none of those
> seem to have any information about the DATE on which these AFRINIC
> allocations were made, 

Nick answered that on October 29th.

You'll have to read to the end.

here an example of the first block you listed:
$ whois -h -- -B
% This is the AfriNIC Whois server.

% Information related to ' -'

% No abuse contact registered for -

inetnum: -
netname:        TRANSNET1
descr:          Transnet1
descr:          P.O. Box 72501
descr:          Parkview 2122
country:        ZA
org:            ORG-TA26-AFRINIC
admin-c:        FN31-AFRINIC
tech-c:         FN31-AFRINIC
status:         ASSIGNED PI
mnt-by:         TF-152-108-MNT
mnt-lower:      TF-152-108-MNT
mnt-domains:    TF-152-108-MNT
changed:        hostmaster at 19920615
changed:        hostmaster at 20020821
changed:        hostmaster at 20050221

we're talking 1992 !

> nor any CONTACT EMAIL ADDRESSES for the actual
> and legitimate /16 block registrants?

using the same syntax i saw security <at>

> Is all of this information being deliberately scrubbed from the AFRINIC
> WHOIS data base as a way of helping the criminals to avoid investigation?

No. it is not deliberately scrubbed. It is not scrubbed at all.


More information about the RPD mailing list