<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<blockquote type="cite"
cite="mid:EA01D18E-0367-4F5F-9CC8-791B5E60E40C@delong.com">
<div dir="ltr">Your count of two prefixes originated by a
different AS counts a /22 superset and a /23 more specific in
the same block. Perhaps we should only count the largest
aggregates (minimum equivalent prefixes) announced by each
non-matching ASN. </div>
</blockquote>
<p>Sorry if I was unclear. We originate the /23, but it forms part
of the larger /22, so the /23 should get counted here, but yes, if
we also originated the two /24s or one of them only, all of that
since it's more specifics of the /23 should only be counted once,
so you're still right in that only the largest aggregates should
be counted.</p>
<blockquote type="cite"
cite="mid:EA01D18E-0367-4F5F-9CC8-791B5E60E40C@delong.com">
<div dir="ltr"><br>
</div>
<div dir="ltr">As you pointed out, there are plenty of legitimate
cases for this. For example, some ISPs will issue space to
multi-homed customers who will then originate more specifics
assigned to them from their own ASN while the covering aggregate
would be announced by the ISP, but not the more specifics. </div>
</blockquote>
<p>I'd like to get an idea of how prevalent this really is.<br>
<br>
Kind regards,<br>
Jaco</p>
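<p>The counting rule discussed in this thread (space issued to one org but originated by an ASN held by a different org, grouped by org, with more-specifics of an already counted aggregate counted once), sketched in C as an added example; it is not code from any participant in the thread or from the AfrinicAudit program. The whois tables and the two /24 more-specifics are constructed sample data built around the prefixes quoted in the thread, an origin ASN with no whois entry is treated as a mismatch (an assumption), and adjacent sibling prefixes are not merged.</p>

```c
/* Added example: per-org count of prefixes originated by another org's ASN. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct alloc  { const char *cidr; const char *org; };  /* whois: prefix -> org */
struct autnum { uint32_t asn; const char *org; };      /* whois: ASN -> org */
struct ann    { const char *cidr; uint32_t origin; };  /* DFZ: prefix + origin ASN */
struct net    { uint32_t addr, mask; int len; };       /* host byte order */
struct result { int prefixes; int asns; };
struct dataset {
    const struct alloc *al;  size_t n_al;
    const struct autnum *au; size_t n_au;
    const struct ann *an;    size_t n_an;
};

/* Constructed sample data built around the prefixes quoted in the thread. */
static const struct alloc ALLOCS[] = {
    {"154.73.32.0/22",   "ORG-ULSC1-AFRINIC"},
    {"102.214.180.0/22", "ORG-DCC1-AFRINIC"},
};
static const struct autnum AUTNUMS[] = { {327767, "ORG-ULSC1-AFRINIC"} };
static const struct ann ANNS[] = {
    {"154.73.32.0/22",   327767},  /* same org on both sides: not counted */
    {"102.214.182.0/23", 327767},  /* other org's space: counted */
    {"102.214.182.0/24", 327767},  /* hypothetical more-specific: counted once */
    {"102.214.183.0/24", 327767},  /* hypothetical more-specific: counted once */
};
const struct dataset SAMPLE = {
    ALLOCS,  sizeof ALLOCS / sizeof ALLOCS[0],
    AUTNUMS, sizeof AUTNUMS / sizeof AUTNUMS[0],
    ANNS,    sizeof ANNS / sizeof ANNS[0],
};

/* Parse "a.b.c.d/len" into host byte order; returns 0 on success. */
static int parse_cidr(const char *s, struct net *out) {
    char buf[32];
    struct in_addr a;
    int len;
    const char *slash = strchr(s, '/');
    if (!slash || (size_t)(slash - s) >= sizeof buf) return -1;
    memcpy(buf, s, (size_t)(slash - s));
    buf[slash - s] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    if (sscanf(slash + 1, "%d", &len) != 1 || len < 0 || len > 32) return -1;
    out->len = len;
    out->mask = len ? 0xFFFFFFFFu << (32 - len) : 0;
    out->addr = ntohl(a.s_addr) & out->mask;  /* ntohl, no manual byte swaps */
    return 0;
}

/* True when outer covers inner (identical prefixes cover each other). */
static int covers(const struct net *outer, const struct net *inner) {
    return outer->len <= inner->len && (inner->addr & outer->mask) == outer->addr;
}

/* Org of the most specific allocation covering n, or NULL if none. */
static const char *org_of_prefix(const struct dataset *d, const struct net *n) {
    const char *best = NULL;
    int best_len = -1;
    for (size_t i = 0; i < d->n_al; i++) {
        struct net a;
        if (parse_cidr(d->al[i].cidr, &a) == 0 && covers(&a, n) && a.len > best_len) {
            best = d->al[i].org;
            best_len = a.len;
        }
    }
    return best;
}

static const char *org_of_asn(const struct dataset *d, uint32_t asn) {
    for (size_t i = 0; i < d->n_au; i++)
        if (d->au[i].asn == asn) return d->au[i].org;
    return NULL;
}

/* Issuing org when announcement i comes from an ASN held by a different org
 * (or by no org at all: an assumption of this example), otherwise NULL. */
static const char *mismatch_org(const struct dataset *d, size_t i, struct net *n) {
    if (parse_cidr(d->an[i].cidr, n) != 0) return NULL;
    const char *po = org_of_prefix(d, n);
    const char *ao = org_of_asn(d, d->an[i].origin);
    if (!po || (ao && strcmp(po, ao) == 0)) return NULL;
    return po;
}

/* Count largest aggregates and distinct origin ASNs for one issuing org. */
struct result count_for_org(const struct dataset *d, const char *org) {
    struct result r = {0, 0};
    for (size_t i = 0; i < d->n_an; i++) {
        struct net ni, nj;
        const char *oi = mismatch_org(d, i, &ni);
        if (!oi || strcmp(oi, org) != 0) continue;
        int covered = 0, asn_seen = 0;
        for (size_t j = 0; j < d->n_an; j++) {
            if (j == i || d->an[j].origin != d->an[i].origin) continue;
            const char *oj = mismatch_org(d, j, &nj);
            if (!oj || strcmp(oj, org) != 0) continue;
            /* j is a larger aggregate, or the same prefix listed earlier */
            if (covers(&nj, &ni) && (nj.len < ni.len || j < i)) covered = 1;
            if (j < i) asn_seen = 1;
        }
        if (!asn_seen) r.asns++;      /* first mismatched route from this ASN */
        if (!covered)  r.prefixes++;  /* more-specifics are not counted again */
    }
    return r;
}

int main(void) {
    struct result r = count_for_org(&SAMPLE, "ORG-DCC1-AFRINIC");
    printf("ORG-DCC1-AFRINIC: %d prefix(es) from %d alternative ASN(s)\n",
           r.prefixes, r.asns);
    return 0;
}
```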
<blockquote type="cite"
cite="mid:EA01D18E-0367-4F5F-9CC8-791B5E60E40C@delong.com">
<div dir="ltr"><br>
</div>
<div dir="ltr">Owen</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On Oct 16, 2025, at 00:03, Jaco Kroon
<a class="moz-txt-link-rfc2396E" href="mailto:jaco@uls.co.za"><jaco@uls.co.za></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<p>Hi,<br>
<br>
Two notes from my side:<br>
<br>
1. Isn't this (in part) what the whole AS0 policy was
about? Such that space that's reserved/not issued by
Afrinic can be protected? (Having inherited previously
abused space ... I'm 100% behind such a policy).<br>
<br>
2. Whilst I agree with Andrew that it's difficult to
determine the exact Geographical location of originations,
and I like his concept of looking at reserved/available
ASNs, I do think something that makes an equal amount of
sense is to get an idea of the space issued to an org not
originated by that org ... there are legitimate cases (eg,
we originate space on behalf of one of our customers, used
exclusively by that client), so I'm more interested in cases
like "space issued to org X originated from Y non-X ASNs"
(ie, don't count space where both the ASN and the space is
assigned to the same ORG). As concrete examples:<br>
<br>
154.73.32.0/22 => org: ORG-ULSC1-AFRINIC<br>
AS327767 => org: ORG-ULSC1-AFRINIC<br>
<br>
That need not be counted.<br>
<br>
102.214.182.0/23 => 102.214.180.0/22 => org:
ORG-DCC1-AFRINIC<br>
AS327767 => org: ORG-ULSC1-AFRINIC<br>
<br>
Count these cases, and group by ORG. So the above would
result in:<br>
<br>
ORG-DCC1-AFRINIC originates 1 prefix from 1 alternative ASN.<br>
<br>
Andrew - I'd be happy to assist with some code for counting
this if you throw the base on github and don't mind making
that dump of yours for the DFZ data available.<br>
<br>
Kind regards,<br>
Jaco</p>
<div class="moz-cite-prefix">On 2025/10/15 14:35, Fernando
Frediani wrote:<br>
</div>
<blockquote type="cite"
cite="mid:34cba83c-e08f-48d5-9815-ee9637e618ba@gmail.com">
<p>Yeah it could be, but I would say that alone is already
something that can bring attention to resources because it
is not what is widely expected. I would easily believe
that a fair amount of space announced by ASNs other
than the one linked to it in the whois may not be what was
desired or justified at the time the resources were allocated.
There are valid examples as you mentioned, but I would say
they are the fewer.</p>
<p>I think the most important thing in this context is to find out if
the resources are being used in Africa or not, which is
slightly more complex to assess than matching with whois
data.</p>
<p>Fernando</p>
<div class="moz-cite-prefix">On 10/15/2025 9:24 AM, Andrew
Alston wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD52VQ3xi8-7Cdrf=ZuFKsrJ_6sgFofXJ_VWyQJw3FK-PpcX-w@mail.gmail.com">
<div dir="ltr">Hi Fernando,
<div><br>
</div>
<div>It's unfortunately extremely difficult to do this -
because while an ASN may be allocated by AfriNIC it
could be announced from anywhere, and even in the case
of where an ASN is allocated by RIPE, it may be used
in Africa to announce AfriNIC space (Liquid Telecom is
an example of this, where 30844 is a RIPE ASN but
almost all the space under it is AfriNIC allocated and
announced in Africa).</div>
<div><br>
</div>
<div>It would be possible to extend the code I wrote to
show the source ASN of the prefixes that are reserved
- and then potentially to match that against other
AfriNIC data to show who the ASN is owned by (if the
ASN itself is allocated, in my verification I found
that many of these prefixes are being announced by
ASNs that are marked as available or reserved).</div>
<div><br>
</div>
<div>I will see what I can do about adding that extra
code at some point when I find the time.</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Andrew</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Wed, Oct 15, 2025
at 3:14 PM Fernando Frediani <<a
href="mailto:fhfrediani@gmail.com"
moz-do-not-send="true" class="moz-txt-link-freetext">fhfrediani@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Would it be possible to get detailed information
about AfriNIC prefixes that are currently being
announced by different ASNs than the ones they are linked to and
potentially being used out of the Africa region as
well? That would be pretty interesting
information to see.</p>
<p>Regards<br>
Fernando</p>
<div>On 10/15/2025 8:40 AM, Andrew Alston wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Guys,
<div><br>
</div>
<div>So - Firstly a few notes on using the code
I'm going to paste below.</div>
<div><br>
</div>
<div>I created the BGP dump file on a Juniper
router by running a "show route protocol bgp |
save bgp.dump.txt" and then copying that dump
file to my local system from the Juniper
router. Note - this produces a roughly 400meg
file on a full table router and it takes quite
a while to run the command.</div>
<div>Then - I used the
delegated-afrinic-extended-latest file
downloaded from the stats ftp server.</div>
<div><br>
</div>
<div>In the code below - if you wish to run
similar - change the char BGP_DUMP[256] and
char AFRINIC_EXT[256] global variables to
match the pathing to the relevant files.</div>
<div><br>
</div>
<div>Note that there is some weirdness in this
code to deal with endianness - and I will
openly admit it's not the cleanest (or probably
most efficient) code - but it does work and
I've verified the results.</div>
<div><br>
</div>
<div>I've pasted the code below the results
section.</div>
<div><br>
</div>
<div>So - first the results:</div>
<div><br>
</div>
<div>Found 824064 total available addresses and
4482304 total reserved addresses<br>
Found 50176 potentially hijacked addresses</div>
<div><br>
</div>
<div>--- Below here is the code (I didn't know
if I could send attachments to the RPD list so
I just pasted the code straight) ---</div>
<div><br>
</div>
<div>//<br>
// main.c<br>
// AfrinicAudit<br>
//<br>
// Created by Andrew Alston on 15/10/2025.<br>
// Code is considered open use with no
restrictions.<br>
//<br>
<br>
#include <stdlib.h><br>
#include <stdio.h><br>
#include <string.h><br>
#include <arpa/inet.h><br>
<br>
char BGP_DUMP[256] =
"/Users/aalston/audit/bgp.dump.txt";<br>
char AFRINIC_EXT[256] =
"/Users/aalston/audit/delegated-afrinic-extended-latest";<br>
<br>
struct routes {<br>
unsigned int network;<br>
unsigned int broadcast;<br>
unsigned int mask;<br>
unsigned short cidr;<br>
};<br>
<br>
struct audit {<br>
struct routes *dfz;<br>
int dfz_count;<br>
struct routes *reserved;<br>
int total_resv;<br>
int rc;<br>
struct routes *available;<br>
int total_avail;<br>
int ac;<br>
};<br>
<br>
int parse_afrinic_extended(char *afext, struct
audit *output) {<br>
FILE *dump = fopen(afext, "r");<br>
if(!dump)<br>
return -1;<br>
char buffer[1024] = {0};<br>
char *delim;<br>
output->rc = 0;<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "reserved") &&
strstr(buffer, "ipv4")) {<br>
output->rc++;<br>
}<br>
}<br>
output->reserved =
calloc(output->rc, sizeof(struct routes));<br>
if(!output->reserved)<br>
return -1;<br>
output->rc = 0;<br>
struct routes *resv = output->reserved;<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "reserved") &&
strstr(buffer, "ipv4")) {<br>
delim = strtok(buffer, "|");<br>
for(int i = 0; i < 3; i++)<br>
delim = strtok(NULL, "|");<br>
inet_pton(AF_INET, delim,
&resv[output->rc].network);<br>
resv[output->rc].network =
__builtin_bswap32(resv[output->rc].network);<br>
delim = strtok(NULL, "|");<br>
unsigned int addr_count =
atoi(delim);<br>
output->total_resv +=
addr_count;<br>
resv[output->rc].broadcast =
resv[output->rc].network+(addr_count-1);<br>
resv[output->rc].network =
__builtin_bswap32(resv[output->rc].network);<br>
resv[output->rc].broadcast =
__builtin_bswap32(resv[output->rc].broadcast);<br>
resv[output->rc].mask =
~__builtin_bswap32((unsigned
int)addr_count-1);<br>
output->rc++;<br>
}<br>
}<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "available") &&
strstr(buffer, "ipv4")) {<br>
output->ac++;<br>
}<br>
}<br>
output->available =
calloc(output->ac, sizeof(struct routes));<br>
if(!output->available)<br>
return -1;<br>
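struct routes *avail =
output->available;<br>
output->ac = 0; // reset after the counting pass (as done for rc above) so the fill loop indexes from 0<br>
rewind(dump);<br>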
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "available") &&
strstr(buffer, "ipv4")) {<br>
delim = strtok(buffer, "|");<br>
for(int i = 0; i < 3; i++)<br>
delim = strtok(NULL, "|");<br>
inet_pton(AF_INET, delim,
&avail[output->ac].network);<br>
avail[output->ac].network =
__builtin_bswap32(avail[output->ac].network);<br>
delim = strtok(NULL, "|");<br>
unsigned int addr_count =
atoi(delim);<br>
output->total_avail +=
addr_count;<br>
avail[output->ac].broadcast =
avail[output->ac].network+(addr_count-1);<br>
avail[output->ac].mask =
~__builtin_bswap32((unsigned
int)addr_count-1);<br>
output->ac++;<br>
}<br>
}<br>
fclose(dump);<br>
return 0;<br>
}<br>
<br>
int parse_dfz(char *dfz_dump, struct audit
*output) {<br>
FILE *dump = fopen(dfz_dump, "r");<br>
char buffer[1024] = {0};<br>
int rc = 0, mult = 0, cidr = 0;<br>
char *delim;<br>
if(!dump) {<br>
return -1;<br>
}<br>
while(fgets(buffer, 1024, dump)) {<br>
if(buffer[0] >= '1' &&
buffer[0] <= '9' && strtok(buffer,
"/") && strchr(buffer, '.')) {<br>
rc++;<br>
}<br>
}<br>
output->dfz = calloc(rc, sizeof(struct
routes));<br>
output->dfz_count = rc;<br>
if(!output->dfz) {<br>
return -1;<br>
}<br>
rewind(dump);<br>
rc = 0;<br>
while(fgets(buffer, 1024, dump)) {<br>
if(buffer[0] >= '1' &&
buffer[0] <= '9') {<br>
cidr = 0;<br>
delim = strtok(buffer, "/");<br>
delim = strtok(NULL, "/");<br>
if(!delim) {<br>
memset(buffer, 0, 1024);<br>
continue;<br>
}<br>
mult = 1;<br>
for(int i = 0; i < 3; i++) {<br>
if(delim[i] >= '0'
&& delim[i] <= '9') {<br>
cidr = cidr *
mult+(9-('9'-delim[i]));<br>
mult*=10;<br>
}<br>
}<br>
delim = strchr(buffer, '.');<br>
if(!delim) {<br>
memset(buffer, 0, 1024);<br>
continue;<br>
}<br>
output->dfz[rc].cidr = cidr;<br>
inet_pton(AF_INET, buffer,
&output->dfz[rc].network);<br>
output->dfz[rc].cidr = cidr;<br>
output->dfz[rc].network =
__builtin_bswap32((unsigned
int)output->dfz[rc].network);<br>
output->dfz[rc].mask =
(~(unsigned int)0) << (32-cidr);<br>
output->dfz[rc].broadcast =
output->dfz[rc].network + ((~(unsigned
int)0) >> cidr);<br>
output->dfz[rc].network =
__builtin_bswap32((unsigned
int)output->dfz[rc].network);<br>
output->dfz[rc].broadcast =
__builtin_bswap32((unsigned
int)output->dfz[rc].broadcast);<br>
rc++;<br>
memset(buffer, 0, 1024);<br>
}<br>
}<br>
fclose(dump);<br>
return 0;<br>
}<br>
<br>
int audit_reserved(struct audit *data) {<br>
int hijack_count = 0;<br>
for(int i = 0; i < data->dfz_count;
i++) {<br>
unsigned int dfz_net =
__builtin_bswap32((unsigned
int)data->dfz[i].network);<br>
unsigned int dfz_bcast =
__builtin_bswap32((unsigned
int)data->dfz[i].broadcast);<br>
for(int r = 0; r < data->rc;
r++) {<br>
unsigned int resv_net =
__builtin_bswap32((unsigned
int)data->reserved[r].network);<br>
unsigned int resv_bcast =
__builtin_bswap32((unsigned
int)data->reserved[r].broadcast);<br>
if(dfz_net >= resv_net
&& dfz_net <= resv_bcast) {<br>
hijack_count +=
((dfz_bcast-dfz_net)+1);<br>
char
dfz_route[INET_ADDRSTRLEN] = {0};<br>
char
resv_network[INET_ADDRSTRLEN] = {0};<br>
char
resv_broadcast[INET_ADDRSTRLEN] = {0};<br>
inet_ntop(AF_INET,
&data->dfz[i].network, dfz_route,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&data->reserved[r].network,
resv_network, INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&data->reserved[r].broadcast,
resv_broadcast, INET_ADDRSTRLEN);<br>
printf("%s/%d fell between
reserved range %s -> %s [Adding %d
addresses to potential hijack]\n",<br>
dfz_route,
data->dfz[i].cidr, resv_network,
resv_broadcast, (dfz_bcast-dfz_net)+1);<br>
}<br>
}<br>
for(int a = 0; a < data->ac;
a++) {<br>
unsigned int avail_net =
__builtin_bswap32((unsigned
int)data->available[a].network);<br>
unsigned int avail_bcast =
__builtin_bswap32((unsigned
int)data->available[a].broadcast);<br>
if(dfz_net >=
data->available[a].network &&
dfz_net <= data->available[a].broadcast)
{<br>
hijack_count +=
((data->available[a].broadcast-data->available[a].network)+1);<br>
char
dfz_route[INET_ADDRSTRLEN] = {0};<br>
char
avail_network[INET_ADDRSTRLEN] = {0};<br>
char
avail_broadcast[INET_ADDRSTRLEN] = {0};<br>
inet_ntop(AF_INET,
&data->dfz[i].network, dfz_route,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&avail_net, avail_network,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&avail_bcast, avail_broadcast,
INET_ADDRSTRLEN);<br>
printf("%s/%d fell between
available range %s -> %s\n", dfz_route,
data->dfz[i].cidr, avail_network,
avail_broadcast);<br>
}<br>
}<br>
}<br>
printf("Found %d potentially hijacked
addresses\n", hijack_count);<br>
return 0;<br>
}<br>
<br>
int main(int argc, const char * argv[]) {<br>
struct audit data = {0};<br>
if(parse_dfz(BGP_DUMP, &data))<br>
return EXIT_FAILURE;<br>
if(parse_afrinic_extended(AFRINIC_EXT,
&data))<br>
return EXIT_FAILURE;<br>
printf("Found %d total available addresses
and %d total reserved addresses\n",
data.total_avail, data.total_resv);<br>
audit_reserved(&data);<br>
return EXIT_SUCCESS;<br>
}<br>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<br>
</blockquote>
</div>
</blockquote>
</blockquote>
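<p>The "count only the largest aggregates" point from this thread, as an added example that is not code from the thread or from any list member: announced prefixes are merged into disjoint ranges before being intersected with the reserved ranges, so a more specific inside an already counted aggregate adds nothing, and a covering prefix that starts before a reserved range is still counted for the part that overlaps. The names <code>range</code>, <code>prefix_to_range</code>, <code>merge_ranges</code> and <code>overlap_count</code> are hypothetical.</p>

```c
#include <stdint.h>
#include <stdlib.h>
#include <arpa/inet.h>

/* Inclusive IPv4 range, host byte order. */
struct range { uint32_t lo, hi; };

static int cmp_lo(const void *a, const void *b) {
    const struct range *x = a, *y = b;
    return (x->lo > y->lo) - (x->lo < y->lo);
}

/* Convert "a.b.c.d" plus prefix length into a range; 0 on success, -1 on bad input. */
int prefix_to_range(const char *addr, unsigned len, struct range *out) {
    struct in_addr in;
    if (len > 32 || inet_pton(AF_INET, addr, &in) != 1) return -1;
    uint32_t mask = len ? ~(uint32_t)0 << (32 - len) : 0; /* avoid a 32-bit shift for /0 */
    out->lo = ntohl(in.s_addr) & mask;
    out->hi = out->lo | ~mask;
    return 0;
}

/* Sort, then merge overlapping or adjacent ranges in place; returns the new count. */
size_t merge_ranges(struct range *r, size_t n) {
    if (n == 0) return 0;
    qsort(r, n, sizeof *r, cmp_lo);
    size_t w = 0;
    for (size_t i = 1; i < n; i++) {
        if (r[w].hi == UINT32_MAX || r[i].lo <= r[w].hi + 1) {
            if (r[i].hi > r[w].hi) r[w].hi = r[i].hi; /* absorbed by the aggregate */
        } else {
            r[++w] = r[i];
        }
    }
    return w + 1;
}

/* Distinct announced addresses inside reserved space. Both arrays are merged in place. */
uint64_t overlap_count(struct range *ann, size_t na, struct range *resv, size_t nr) {
    na = merge_ranges(ann, na);
    nr = merge_ranges(resv, nr);
    uint64_t total = 0;
    size_t i = 0, j = 0;
    while (i < na && j < nr) { /* two-pointer sweep over the sorted, disjoint lists */
        uint32_t lo = ann[i].lo > resv[j].lo ? ann[i].lo : resv[j].lo;
        uint32_t hi = ann[i].hi < resv[j].hi ? ann[i].hi : resv[j].hi;
        if (lo <= hi) total += (uint64_t)hi - lo + 1;
        if (ann[i].hi < resv[j].hi) i++; else j++;
    }
    return total;
}
```

<p>With the reserved range 212.12.224.0 -> 212.12.255.255 from the output above, the three /24s plus a constructed covering 212.12.252.0/22 count as 1024 addresses rather than 1792.</p>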
</body>
</html>