Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Frank Habicht geier at geier.ne.tz
Fri Nov 18 04:08:08 UTC 2016 

Hi Ronald,

On 11/17/2016 10:08 PM, Ronald F. Guilmette wrote:
> I wonder if anybody on this list is even aware of this report which I
> posted recently to the NANOG list:
> 
>     http://mailman.nanog.org/pipermail/nanog/2016-November/089164.html

I read it.
I'm not the upstream AS.


> Does anybody in the whole of the AFRINIC region even give a damn that
> large quantities of unused AFRINIC IPv4 address space are being hijacked,
> as we speak, by American snowshoe spammers?

Hmmm. Source of the problem?


> And separately, why is it that when I try to obtain, from the AFRINIC
> WHOIS server, records relating to the relevant /16 blocks, none of those
> seem to have any information about the DATE on which these AFRINIC
> allocations were made, 

Nick answered that on October 29th.

http://mailman.nanog.org/pipermail/nanog/2016-October/088976.html

You'll have to read to the end.

here an example of the first block you listed:
$ whois -h whois.afrinic.net -- -B 152.108.0.0/16
[Querying whois.afrinic.net]
[whois.afrinic.net]
% This is the AfriNIC Whois server.

% Information related to '152.108.0.0 - 152.108.255.255'

% No abuse contact registered for 152.108.0.0 - 152.108.255.255

inetnum:        152.108.0.0 - 152.108.255.255
netname:        TRANSNET1
descr:          Transnet1
descr:          P.O. Box 72501
descr:          Parkview 2122
country:        ZA
org:            ORG-TA26-AFRINIC
admin-c:        FN31-AFRINIC
tech-c:         FN31-AFRINIC
status:         ASSIGNED PI
mnt-by:         TF-152-108-MNT
mnt-lower:      TF-152-108-MNT
mnt-domains:    TF-152-108-MNT
changed:        hostmaster at arin.net 19920615
changed:        hostmaster at arin.net 20020821
changed:        hostmaster at afrinic.net 20050221

we're talking 1992 !


> nor any CONTACT EMAIL ADDRESSES for the actual
> and legitimate /16 block registrants?

using the same syntax i saw security <at> transtel.co.za


> Is all of this information being deliberately scrubbed from the AFRINIC
> WHOIS data base as a way of helping the criminals to avoid investigation?

No. it is not deliberately scrubbed. It is not scrubbed at all.


Frank

More information about the RPD mailing list