<div dir="ltr">Hi Fernando,<div><br></div><div>It's unfortunately extremely difficult to do this - because while an ASN may be allocated by AfriNIC it could be announced from anywhere, and even in the case of where an ASN is allocated by RIPE, it may be used in Africa to announce AfriNIC space (Liquid Telecom is an example of this, where 30844 is a RIPE ASN but almost all the space under it is afrinic allocated and announced in Africa).</div><div><br></div><div>It would be possible to extend the code I wrote to show the source ASN of the prefix's that are reserved - and then potentially to match that against other AfriNIC data to show who the ASN is owned by (if the ASN itself is allocated, in my verification I found that many of these prefix's are being announced by ASN's that are marked as available or reserved)</div><div><br></div><div>I will see what I can do about adding that extra code at some point when I find the time.</div><div><br></div><div>Thanks</div><div><br></div><div>Andrew</div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, Oct 15, 2025 at 3:14 PM Fernando Frediani <<a href="mailto:fhfrediani@gmail.com">fhfrediani@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<p>Would it be possible to get detailed information about AfriNic
prefixes that are currently being announced by different ASNs they
are linked to and potentially being used out of the Africa region
as well ? That would be a pretty interesting information to see.</p>
<p>Regards<br>
Fernando</p>
<div>On 10/15/2025 8:40 AM, Andrew Alston
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Guys,
<div><br>
</div>
<div>So - Firstly a few notes on using the code I'm going to
paste below.</div>
<div><br>
</div>
<div>I created the BGP dump file on a juniper router by running
a "show route protocol bgp | save bgp.dump.txt" and then
copying that dump file to my local system from the Juniper
router. Note - this produces a roughly 400meg file on a full
table router and it takes quite a while to run the command.</div>
<div>Then - I used the delegated-afrinic-extended-latest file
downloaded from the stats ftp server.</div>
<div><br>
</div>
<div>In the code below - if you wish to run similar - change the
char BGP_DUMP[256] and char AFRINIC_EXT[256] global variables
to match the pathing to the relevant files.</div>
<div><br>
</div>
<div>Note that there is some weirdness in this code to deal with
endianness - and I will openly admit its not the cleanest (or
probably most efficient) code - but it does work and I've
verified the results.</div>
<div><br>
</div>
<div>I've pasted the code below the results section.</div>
<div><br>
</div>
<div>So - first the results:</div>
<div><br>
</div>
<div>Found 824064 total available addresses and 4482304 total
reserved addresses<br>
<a href="http://41.57.124.0/22" target="_blank">41.57.124.0/22</a>
fell between reserved range 41.57.124.0 -> 41.57.127.255
[Adding 1024 addresses to potential hijack]<br>
<a href="http://41.57.124.0/23" target="_blank">41.57.124.0/23</a>
fell between reserved range 41.57.124.0 -> 41.57.127.255
[Adding 512 addresses to potential hijack]<br>
<a href="http://41.57.124.0/24" target="_blank">41.57.124.0/24</a>
fell between reserved range 41.57.124.0 -> 41.57.127.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.57.125.0/24" target="_blank">41.57.125.0/24</a>
fell between reserved range 41.57.124.0 -> 41.57.127.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.57.126.0/24" target="_blank">41.57.126.0/24</a>
fell between reserved range 41.57.124.0 -> 41.57.127.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.57.127.0/24" target="_blank">41.57.127.0/24</a>
fell between reserved range 41.57.124.0 -> 41.57.127.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.77.64.0/21" target="_blank">41.77.64.0/21</a>
fell between reserved range 41.77.64.0 -> 41.77.71.255
[Adding 2048 addresses to potential hijack]<br>
<a href="http://41.138.192.0/24" target="_blank">41.138.192.0/24</a>
fell between reserved range 41.138.192.0 -> 41.138.223.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.224.0/24" target="_blank">41.204.224.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.225.0/24" target="_blank">41.204.225.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.226.0/24" target="_blank">41.204.226.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.227.0/24" target="_blank">41.204.227.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.228.0/24" target="_blank">41.204.228.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.229.0/24" target="_blank">41.204.229.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.230.0/24" target="_blank">41.204.230.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.231.0/24" target="_blank">41.204.231.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.232.0/24" target="_blank">41.204.232.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.233.0/24" target="_blank">41.204.233.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.234.0/24" target="_blank">41.204.234.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.235.0/24" target="_blank">41.204.235.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.236.0/24" target="_blank">41.204.236.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.237.0/24" target="_blank">41.204.237.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.238.0/24" target="_blank">41.204.238.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.239.0/24" target="_blank">41.204.239.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.240.0/24" target="_blank">41.204.240.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.241.0/24" target="_blank">41.204.241.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.242.0/24" target="_blank">41.204.242.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.243.0/24" target="_blank">41.204.243.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.244.0/24" target="_blank">41.204.244.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.245.0/24" target="_blank">41.204.245.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.246.0/24" target="_blank">41.204.246.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.247.0/24" target="_blank">41.204.247.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.248.0/24" target="_blank">41.204.248.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.249.0/24" target="_blank">41.204.249.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.250.0/24" target="_blank">41.204.250.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.251.0/24" target="_blank">41.204.251.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.254.0/24" target="_blank">41.204.254.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.204.255.0/24" target="_blank">41.204.255.0/24</a>
fell between reserved range 41.204.224.0 -> 41.204.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.224.0/19" target="_blank">41.205.224.0/19</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 8192 addresses to potential hijack]<br>
<a href="http://41.205.225.0/24" target="_blank">41.205.225.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.232.0/24" target="_blank">41.205.232.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.234.0/24" target="_blank">41.205.234.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.235.0/24" target="_blank">41.205.235.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.237.0/24" target="_blank">41.205.237.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.238.0/24" target="_blank">41.205.238.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.205.239.0/24" target="_blank">41.205.239.0/24</a>
fell between reserved range 41.205.224.0 -> 41.205.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://41.220.48.0/20" target="_blank">41.220.48.0/20</a>
fell between reserved range 41.220.48.0 -> 41.220.63.255
[Adding 4096 addresses to potential hijack]<br>
<a href="http://80.88.6.0/24" target="_blank">80.88.6.0/24</a>
fell between reserved range 80.88.6.0 -> 80.88.6.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://102.128.74.0/24" target="_blank">102.128.74.0/24</a>
fell between reserved range 102.128.72.0 -> 102.128.75.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://102.135.164.0/24" target="_blank">102.135.164.0/24</a>
fell between reserved range 102.135.164.0 ->
102.135.167.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://102.135.165.0/24" target="_blank">102.135.165.0/24</a>
fell between reserved range 102.135.164.0 ->
102.135.167.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://102.135.166.0/24" target="_blank">102.135.166.0/24</a>
fell between reserved range 102.135.164.0 ->
102.135.167.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://102.219.128.0/24" target="_blank">102.219.128.0/24</a>
fell between reserved range 102.219.128.0 ->
102.219.131.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://102.219.129.0/24" target="_blank">102.219.129.0/24</a>
fell between reserved range 102.219.128.0 ->
102.219.131.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://102.219.130.0/24" target="_blank">102.219.130.0/24</a>
fell between reserved range 102.219.128.0 ->
102.219.131.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://102.221.148.0/22" target="_blank">102.221.148.0/22</a>
fell between reserved range 102.221.144.0 ->
102.221.151.255 [Adding 1024 addresses to potential hijack]<br>
<a href="http://156.0.254.0/24" target="_blank">156.0.254.0/24</a>
fell between reserved range 156.0.254.0 -> 156.0.254.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://160.119.208.0/24" target="_blank">160.119.208.0/24</a>
fell between reserved range 160.119.208.0 ->
160.119.211.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://160.119.209.0/24" target="_blank">160.119.209.0/24</a>
fell between reserved range 160.119.208.0 ->
160.119.211.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://164.160.192.0/21" target="_blank">164.160.192.0/21</a>
fell between reserved range 164.160.192.0 ->
164.160.223.255 [Adding 2048 addresses to potential hijack]<br>
<a href="http://169.255.164.0/22" target="_blank">169.255.164.0/22</a>
fell between reserved range 169.255.164.0 ->
169.255.167.255 [Adding 1024 addresses to potential hijack]<br>
<a href="http://193.188.7.0/24" target="_blank">193.188.7.0/24</a>
fell between reserved range 193.188.7.0 -> 193.188.7.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.13.203.0/24" target="_blank">196.13.203.0/24</a>
fell between reserved range 196.13.203.0 -> 196.13.203.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.20.60.0/24" target="_blank">196.20.60.0/24</a>
fell between reserved range 196.20.32.0 -> 196.20.63.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.20.61.0/24" target="_blank">196.20.61.0/24</a>
fell between reserved range 196.20.32.0 -> 196.20.63.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.20.62.0/24" target="_blank">196.20.62.0/24</a>
fell between reserved range 196.20.32.0 -> 196.20.63.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.41.74.0/24" target="_blank">196.41.74.0/24</a>
fell between reserved range 196.41.74.0 -> 196.41.74.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.43.252.0/24" target="_blank">196.43.252.0/24</a>
fell between reserved range 196.43.252.0 -> 196.43.252.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.46.18.0/24" target="_blank">196.46.18.0/24</a>
fell between reserved range 196.46.18.0 -> 196.46.19.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.46.19.0/24" target="_blank">196.46.19.0/24</a>
fell between reserved range 196.46.18.0 -> 196.46.19.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.46.152.0/24" target="_blank">196.46.152.0/24</a>
fell between reserved range 196.46.152.0 -> 196.46.159.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.46.153.0/24" target="_blank">196.46.153.0/24</a>
fell between reserved range 196.46.152.0 -> 196.46.159.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.46.154.0/23" target="_blank">196.46.154.0/23</a>
fell between reserved range 196.46.152.0 -> 196.46.159.255
[Adding 512 addresses to potential hijack]<br>
<a href="http://196.50.21.0/24" target="_blank">196.50.21.0/24</a>
fell between reserved range 196.50.21.0 -> 196.50.21.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.53.113.0/24" target="_blank">196.53.113.0/24</a>
fell between reserved range 196.52.0.0 -> 196.55.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.54.72.0/23" target="_blank">196.54.72.0/23</a>
fell between reserved range 196.52.0.0 -> 196.55.255.255
[Adding 512 addresses to potential hijack]<br>
<a href="http://196.55.102.0/23" target="_blank">196.55.102.0/23</a>
fell between reserved range 196.52.0.0 -> 196.55.255.255
[Adding 512 addresses to potential hijack]<br>
<a href="http://196.63.243.0/24" target="_blank">196.63.243.0/24</a>
fell between reserved range 196.62.0.0 -> 196.63.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.195.4.0/24" target="_blank">196.195.4.0/24</a>
fell between reserved range 196.194.0.0 -> 196.195.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.195.15.0/24" target="_blank">196.195.15.0/24</a>
fell between reserved range 196.194.0.0 -> 196.195.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://196.195.253.0/24" target="_blank">196.195.253.0/24</a>
fell between reserved range 196.194.0.0 -> 196.195.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://197.157.200.0/22" target="_blank">197.157.200.0/22</a>
fell between reserved range 197.157.200.0 ->
197.157.203.255 [Adding 1024 addresses to potential hijack]<br>
<a href="http://197.231.248.0/22" target="_blank">197.231.248.0/22</a>
fell between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 1024 addresses to potential hijack]<br>
<a href="http://197.231.248.0/24" target="_blank">197.231.248.0/24</a>
fell between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://197.231.249.0/24" target="_blank">197.231.249.0/24</a>
fell between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://197.231.250.0/24" target="_blank">197.231.250.0/24</a>
fell between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://197.231.251.0/24" target="_blank">197.231.251.0/24</a>
fell between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://197.234.208.0/24" target="_blank">197.234.208.0/24</a>
fell between reserved range 197.234.208.0 ->
197.234.215.255 [Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.224.0/24" target="_blank">212.12.224.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.225.0/24" target="_blank">212.12.225.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.226.0/24" target="_blank">212.12.226.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.227.0/24" target="_blank">212.12.227.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.229.0/24" target="_blank">212.12.229.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.231.0/24" target="_blank">212.12.231.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.232.0/24" target="_blank">212.12.232.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.233.0/24" target="_blank">212.12.233.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.234.0/24" target="_blank">212.12.234.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.235.0/24" target="_blank">212.12.235.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.236.0/24" target="_blank">212.12.236.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.237.0/24" target="_blank">212.12.237.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.238.0/24" target="_blank">212.12.238.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.239.0/24" target="_blank">212.12.239.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.240.0/24" target="_blank">212.12.240.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.241.0/24" target="_blank">212.12.241.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.242.0/24" target="_blank">212.12.242.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.243.0/24" target="_blank">212.12.243.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.244.0/24" target="_blank">212.12.244.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.245.0/24" target="_blank">212.12.245.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.246.0/24" target="_blank">212.12.246.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.247.0/24" target="_blank">212.12.247.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.248.0/24" target="_blank">212.12.248.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.249.0/24" target="_blank">212.12.249.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.250.0/24" target="_blank">212.12.250.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.251.0/24" target="_blank">212.12.251.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.252.0/24" target="_blank">212.12.252.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.254.0/24" target="_blank">212.12.254.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://212.12.255.0/24" target="_blank">212.12.255.0/24</a>
fell between reserved range 212.12.224.0 -> 212.12.255.255
[Adding 256 addresses to potential hijack]<br>
Found 50176 potentially hijacked addresses</div>
<div><br>
</div>
<div>--- Below here is the code (I didn't know if I could send
attachments to the RPD list so I just pasted the code
straight) ---</div>
<div><br>
</div>
<div>//<br>
// main.c<br>
// AfrinicAudit<br>
//<br>
// Created by Andrew Alston on 15/10/2025.<br>
// Code is considered open use with no restrictions.<br>
//<br>
<br>
#include <stdlib.h><br>
#include <stdio.h><br>
#include <string.h><br>
#include <arpa/inet.h><br>
<br>
char BGP_DUMP[256] = "/Users/aalston/audit/bgp.dump.txt";<br>
char AFRINIC_EXT[256] =
"/Users/aalston/audit/delegated-afrinic-extended-latest";<br>
<br>
struct routes {<br>
unsigned int network;<br>
unsigned int broadcast;<br>
unsigned int mask;<br>
unsigned short cidr;<br>
};<br>
<br>
struct audit {<br>
struct routes *dfz;<br>
int dfz_count;<br>
struct routes *reserved;<br>
int total_resv;<br>
int rc;<br>
struct routes *available;<br>
int total_avail;<br>
int ac;<br>
};<br>
<br>
int parse_afrinic_extended(char *afext, struct audit *output)
{<br>
FILE *dump = fopen(afext, "r");<br>
if(!dump)<br>
return -1;<br>
char buffer[1024] = {0};<br>
char *delim;<br>
output->rc = 0;<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") && strstr(buffer,
"reserved") && strstr(buffer, "ipv4")) {<br>
output->rc++;<br>
}<br>
}<br>
output->reserved = calloc(output->rc, sizeof(struct
routes));<br>
if(!output->reserved)<br>
return -1;<br>
output->rc = 0;<br>
struct routes *resv = output->reserved;<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") && strstr(buffer,
"reserved") && strstr(buffer, "ipv4")) {<br>
delim = strtok(buffer, "|");<br>
for(int i = 0; i < 3; i++)<br>
delim = strtok(NULL, "|");<br>
inet_pton(AF_INET, delim,
&resv[output->rc].network);<br>
resv[output->rc].network =
__builtin_bswap32(resv[output->rc].network);<br>
delim = strtok(NULL, "|");<br>
unsigned int addr_count = atoi(delim);<br>
output->total_resv += addr_count;<br>
resv[output->rc].broadcast =
resv[output->rc].network+(addr_count-1);<br>
resv[output->rc].network =
__builtin_bswap32(resv[output->rc].network);<br>
resv[output->rc].broadcast =
__builtin_bswap32(resv[output->rc].broadcast);<br>
resv[output->rc].mask =
~__builtin_bswap32((unsigned int)addr_count-1);<br>
output->rc++;<br>
}<br>
}<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") && strstr(buffer,
"available") && strstr(buffer, "ipv4")) {<br>
output->ac++;<br>
}<br>
}<br>
output->available = calloc(output->ac, sizeof(struct
routes));<br>
if(!output->available)<br>
return -1;<br>
struct routes *avail = output->available;<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") && strstr(buffer,
"available") && strstr(buffer, "ipv4")) {<br>
delim = strtok(buffer, "|");<br>
for(int i = 0; i < 3; i++)<br>
delim = strtok(NULL, "|");<br>
inet_pton(AF_INET, delim,
&avail[output->ac].network);<br>
avail[output->ac].network =
__builtin_bswap32(avail[output->ac].network);<br>
delim = strtok(NULL, "|");<br>
unsigned int addr_count = atoi(delim);<br>
output->total_avail += addr_count;<br>
avail[output->ac].broadcast =
avail[output->ac].network+(addr_count-1);<br>
avail[output->ac].mask =
~__builtin_bswap32((unsigned int)addr_count-1);<br>
output->ac++;<br>
}<br>
}<br>
fclose(dump);<br>
return 0;<br>
}<br>
<br>
int parse_dfz(char *dfz_dump, struct audit *output) {<br>
FILE *dump = fopen(dfz_dump, "r");<br>
char buffer[1024] = {0};<br>
int rc = 0, mult = 0, cidr = 0;<br>
char *delim;<br>
if(!dump) {<br>
return -1;<br>
}<br>
while(fgets(buffer, 1024, dump)) {<br>
if(buffer[0] >= '1' && buffer[0] <= '9'
&& strtok(buffer, "/") && strchr(buffer, '.'))
{<br>
rc++;<br>
}<br>
}<br>
output->dfz = calloc(rc, sizeof(struct routes));<br>
output->dfz_count = rc;<br>
if(!output->dfz) {<br>
return -1;<br>
}<br>
rewind(dump);<br>
rc = 0;<br>
while(fgets(buffer, 1024, dump)) {<br>
if(buffer[0] >= '1' && buffer[0] <= '9')
{<br>
cidr = 0;<br>
delim = strtok(buffer, "/");<br>
delim = strtok(NULL, "/");<br>
if(!delim) {<br>
memset(buffer, 0, 1024);<br>
continue;<br>
}<br>
mult = 1;<br>
for(int i = 0; i < 3; i++) {<br>
if(delim[i] >= '0' && delim[i]
<= '9') {<br>
cidr = cidr * mult+(9-('9'-delim[i]));<br>
mult*=10;<br>
}<br>
}<br>
delim = strchr(buffer, '.');<br>
if(!delim) {<br>
memset(buffer, 0, 1024);<br>
continue;<br>
}<br>
output->dfz[rc].cidr = cidr;<br>
inet_pton(AF_INET, buffer,
&output->dfz[rc].network);<br>
output->dfz[rc].cidr = cidr;<br>
output->dfz[rc].network =
__builtin_bswap32((unsigned int)output->dfz[rc].network);<br>
output->dfz[rc].mask = (~(unsigned int)0)
<< (32-cidr);<br>
output->dfz[rc].broadcast =
output->dfz[rc].network + ((~(unsigned int)0) >>
cidr);<br>
output->dfz[rc].network =
__builtin_bswap32((unsigned int)output->dfz[rc].network);<br>
output->dfz[rc].broadcast =
__builtin_bswap32((unsigned int)output->dfz[rc].broadcast);<br>
rc++;<br>
memset(buffer, 0, 1024);<br>
}<br>
}<br>
fclose(dump);<br>
return 0;<br>
}<br>
<br>
int audit_reserved(struct audit *data) {<br>
int hijack_count = 0;<br>
for(int i = 0; i < data->dfz_count; i++) {<br>
unsigned int dfz_net = __builtin_bswap32((unsigned
int)data->dfz[i].network);<br>
unsigned int dfz_bcast = __builtin_bswap32((unsigned
int)data->dfz[i].broadcast);<br>
for(int r = 0; r < data->rc; r++) {<br>
unsigned int resv_net =
__builtin_bswap32((unsigned int)data->reserved[r].network);<br>
unsigned int resv_bcast =
__builtin_bswap32((unsigned
int)data->reserved[r].broadcast);<br>
if(dfz_net >= resv_net && dfz_net <=
resv_bcast) {<br>
hijack_count += ((dfz_bcast-dfz_net)+1);<br>
char dfz_route[INET_ADDRSTRLEN] = {0};<br>
char resv_network[INET_ADDRSTRLEN] = {0};<br>
char resv_broadcast[INET_ADDRSTRLEN] = {0};<br>
inet_ntop(AF_INET,
&data->dfz[i].network, dfz_route, INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&data->reserved[r].network, resv_network,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&data->reserved[r].broadcast, resv_broadcast,
INET_ADDRSTRLEN);<br>
printf("%s/%d fell between reserved range %s
-> %s [Adding %d addresses to potential hijack]\n",<br>
dfz_route, data->dfz[i].cidr,
resv_network, resv_broadcast, (dfz_bcast-dfz_net)+1);<br>
}<br>
}<br>
for(int a = 0; a < data->ac; a++) {<br>
unsigned int avail_net =
__builtin_bswap32((unsigned
int)data->available[a].network);<br>
unsigned int avail_bcast =
__builtin_bswap32((unsigned
int)data->available[a].broadcast);<br>
if(dfz_net >= data->available[a].network
&& dfz_net <= data->available[a].broadcast) {<br>
hijack_count +=
((data->available[a].broadcast-data->available[a].network)+1);<br>
char dfz_route[INET_ADDRSTRLEN] = {0};<br>
char avail_network[INET_ADDRSTRLEN] = {0};<br>
char avail_broadcast[INET_ADDRSTRLEN] = {0};<br>
inet_ntop(AF_INET,
&data->dfz[i].network, dfz_route, INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET, &avail_net,
avail_network, INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET, &avail_bcast,
avail_broadcast, INET_ADDRSTRLEN);<br>
printf("%s/%d fell between available range %s
-> %s\n", dfz_route, data->dfz[i].cidr, avail_network,
avail_broadcast);<br>
}<br>
}<br>
}<br>
printf("Found %d potentially hijacked addresses\n",
hijack_count);<br>
return 0;<br>
}<br>
<br>
int main(int argc, const char * argv[]) {<br>
struct audit data = {0};<br>
if(parse_dfz(BGP_DUMP, &data))<br>
return EXIT_FAILURE;<br>
if(parse_afrinic_extended(AFRINIC_EXT, &data))<br>
return EXIT_FAILURE;<br>
printf("Found %d total available addresses and %d total
reserved addresses\n", data.total_avail, data.total_resv);<br>
audit_reserved(&data);<br>
return EXIT_SUCCESS;<br>
}<br>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" target="_blank">RPD@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" rel="noreferrer" target="_blank">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
</blockquote></div>