Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Jean-Robert Hountomey jrhountomey at
Fri Nov 18 06:18:21 UTC 2016


> Is there someone in particular in Afrinic who I need to send some money

> I'm sorry, but I am unfamiliar with the normal rules of business in Africa,

> so I don't know how this works or who should get the money

> If AFRINIC could behave a little less stupidly and start to reclaim some of these blocks...

I am sure you know that there are rules and guidelines for responsible disclosure. 
What you have said is outrageous. Even someone with 21 years of experience has some standards to adhere to.
And you don’t land in a community discussing collaboratively how to improve their operations with these kind of allegation.
If you want to contribute, you are welcome but you have to be respectful. 

Furthermore as you pointed out there are other organizations that have take-down mandate in their cyber-domain



On 11/17/16 1:08 PM, Ronald F. Guilmette wrote:
> In message <921851100.1628626.1479378352061 at>, 
> fransossen at wrote:
>> 1) Any audit should be performed to ensure that a resource holder: 
>> A) that the resource holder exist/still exist. 
>>  If the initial set of information was fraudulent, there is no fix, as the
>> initially provided docuemtna were false, no fix possible.
>>  If the company name is incorrect, it can be fixed if it is out of date
>> registrations, undeclared company take over or name change.
>>  If the company does not exist anymore and with no legal successor,
>> resource must be returned to the AFRINIC.
> I wonder if anybody on this list is even aware of this report which I
> posted recently to the NANOG list:
> Does anybody in the whole of the AFRINIC region even give a damn that
> large quantities of unused AFRINIC IPv4 address space are being hijacked,
> as we speak, by American snowshoe spammers?
> And separately, why is it that when I try to obtain, from the AFRINIC
> WHOIS server, records relating to the relevant /16 blocks, none of those
> seem to have any information about the DATE on which these AFRINIC
> allocations were made, nor any CONTACT EMAIL ADDRESSES for the actual
> and legitimate /16 block registrants?
> Is all of this information being deliberately scrubbed from the AFRINIC
> WHOIS data base as a way of helping the criminals to avoid investigation?
> Regards,
> rfg
> P.S.  This post is relevant to the post made by fransossen at because
> all of the many /16 blocks that are affected by this mass IP space hijacking
> appear to be older and "abandoned" blocks.  The bad guys saw that these blocks
> were not being used, and so they helped themselves to all this "free" IPv4
> space.
> If AFRINIC could behave a little less stupidly and start to reclaim some
> of these blocks... many of which may not have even been used for the past
> 10+ years... and then give the blocks instead to entities that would actually
> use them, then this kind of problem would not even arise.
> But I guess that the whole Cloud Innovation incident proves that I should
> not be expecting anything even remotely like "good stewardship" of limited
> IPv4 resources out of Afrinic.
> P.S.  Note also that even unused/abandoned ASNs should be reclaimed (under
> any sensible policy) also.  Right now, all of this massive quantity of
> AFRINIC IPv4 space hijacking is taking place from AS6560 and AS37135
> and it seems pretty clear that both of those ASNs were themselves abandoned
> and are themselves being hijacked also.
> _______________________________________________
> RPD mailing list
> RPD at

More information about the RPD mailing list