Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Ronald F. Guilmette rfg at tristatelogic.com
Fri Nov 18 06:29:50 UTC 2016 

In message <8aa07de1-a99e-8b10-a7b7-5ca30bcd120f at geier.ne.tz>, 
Frank Habicht <geier at geier.ne.tz> wrote:

>On 11/17/2016 10:08 PM, Ronald F. Guilmette wrote:
>> Does anybody in the whole of the AFRINIC region even give a damn that
>> large quantities of unused AFRINIC IPv4 address space are being hijacked,
>> as we speak, by American snowshoe spammers?
>
>Hmmm. Source of the problem?

Yes.  Absolutely.  We make the best of everything... including even crooks.

>> And separately, why is it that when I try to obtain, from the AFRINIC
>> WHOIS server, records relating to the relevant /16 blocks, none of those
>> seem to have any information about the DATE on which these AFRINIC
>> allocations were made, 
>
>Nick answered that on October 29th.
>http://mailman.nanog.org/pipermail/nanog/2016-October/088976.html

OK. thanks for reminding me about this.  I dimly remembered that -somebody-
had said something to me about some special option I needed to use, just
to get useful data out of the AFRINIC WHOIS server, but then I got busy
and distracted working on other things, forgot what the magic option
was, and then, when I tried to find out again what the secret option
was, I went to the web and tried to find it on this page:

http://www.afrinic.net/library/corporate-documents/197-database-afrinic-database-reference-manual-

and I could not find it on there anywhere, so I just gave up and assumed
that even if there was some secret option to get real and complete data,
it was being hidden so that mere mortals couldn't find it or use it.

But anyway, I don't understand the point of filtering out the really
useful data by default anyway.  I mean why should one have to use a special
undocumented option anyway?  What's the point?  Does anybody think that
this is going to materially slow down the determined spammers who are
intent upon mining the AFRINIC data base for email addresses?  This is
just silly.  Bad engineering. and even worse documentation, it seems.

>> Is all of this information being deliberately scrubbed from the AFRINIC
>> WHOIS data base as a way of helping the criminals to avoid investigation?
>

>No. it is not deliberately scrubbed. It is not scrubbed at all.

We will have to agree to disagree.

By default, and without the magic undocumented option, the data returned
bny the WHOIS server *is* "scrubbed"... although *why* that is being
done is beyond me.


Regards,
rfg

More information about the RPD mailing list