<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,<br>
<br>
Two notes from my side:<br>
<br>
1. Isn't this (in part) what the whole AS0 policy was about?
Such that space that's reserved/not issued by Afrinic can be
protected? (Having inherited previously abused space ... I'm 100%
behind such a policy).<br>
<br>
2. Whilst I agree with Andrew that it's difficult to determine
the exact Geographical location of originations, and I like his
concept of looking at reserved/available ASNs, I do think
something that makes an equal amount of sense is to get an idea of
the space issued to an org not originated by that org ... there
are legitimate cases (eg, we originate space on behalf of one of
our customers, used exclusively by that client), so I'm more
interested in cases like "space issued to org X originated from Y
non-X ASNs" (ie, don't count space where both the ASN and the
space is assigned to the same ORG). As concrete examples:<br>
<br>
154.73.32.0/22 => org: ORG-ULSC1-AFRINIC<br>
AS327767 => org: ORG-ULSC1-AFRINIC<br>
<br>
That need not be counted.<br>
<br>
102.214.182.0/23 => 102.214.180.0/22 => org:
ORG-DCC1-AFRINIC<br>
AS327767 => org: ORG-ULSC1-AFRINIC<br>
<br>
Count these cases, and group by ORG. So the above would result
in:<br>
<br>
ORG-DCC1-AFRINIC originates 1 prefix from 1 alternative ASN.<br>
<br>
Andrew - I'd be happy to assist with some code for counting this
if you throw the base on github and don't mind making that dump of
yours for the DFZ data available.<br>
<br>
Kind regards,<br>
Jaco</p>
<div class="moz-cite-prefix">On 2025/10/15 14:35, Fernando Frediani
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:34cba83c-e08f-48d5-9815-ee9637e618ba@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Yeah it could be, but I would say that alone is already
something that can bring attention to resources because it is
not what is widely expected. I would easily believe that a fair
amount of space announce by other ASNs other than the one linked
to it in the whois may not be what was desired or justified at
the same resources were allocated. There are valid examples as
you mentioned, but I would say they are the fewer.</p>
<p>I think the most important in this context is find out if the
resources are being use in Africa or not which it is slightly
more complex to asses than matching with whois data.</p>
<p>Fernando</p>
<div class="moz-cite-prefix">On 10/15/2025 9:24 AM, Andrew Alston
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAD52VQ3xi8-7Cdrf=ZuFKsrJ_6sgFofXJ_VWyQJw3FK-PpcX-w@mail.gmail.com">
<meta http-equiv="content-type"
content="text/html; charset=UTF-8">
<div dir="ltr">Hi Fernando,
<div><br>
</div>
<div>It's unfortunately extremely difficult to do this -
because while an ASN may be allocated by AfriNIC it could be
announced from anywhere, and even in the case of where an
ASN is allocated by RIPE, it may be used in Africa to
announce AfriNIC space (Liquid Telecom is an example of
this, where 30844 is a RIPE ASN but almost all the space
under it is afrinic allocated and announced in Africa).</div>
<div><br>
</div>
<div>It would be possible to extend the code I wrote to show
the source ASN of the prefix's that are reserved - and then
potentially to match that against other AfriNIC data to show
who the ASN is owned by (if the ASN itself is allocated, in
my verification I found that many of these prefix's are
being announced by ASN's that are marked as available or
reserved)</div>
<div><br>
</div>
<div>I will see what I can do about adding that extra code at
some point when I find the time.</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Andrew</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Wed, Oct 15, 2025 at
3:14 PM Fernando Frediani <<a
href="mailto:fhfrediani@gmail.com" moz-do-not-send="true"
class="moz-txt-link-freetext">fhfrediani@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Would it be possible to get detailed information about
AfriNic prefixes that are currently being announced by
different ASNs they are linked to and potentially being
used out of the Africa region as well ? That would be a
pretty interesting information to see.</p>
<p>Regards<br>
Fernando</p>
<div>On 10/15/2025 8:40 AM, Andrew Alston wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Guys,
<div><br>
</div>
<div>So - Firstly a few notes on using the code I'm
going to paste below.</div>
<div><br>
</div>
<div>I created the BGP dump file on a juniper router
by running a "show route protocol bgp | save
bgp.dump.txt" and then copying that dump file to my
local system from the Juniper router. Note - this
produces a roughly 400meg file on a full table
router and it takes quite a while to run the
command.</div>
<div>Then - I used the
delegated-afrinic-extended-latest file downloaded
from the stats ftp server.</div>
<div><br>
</div>
<div>In the code below - if you wish to run similar -
change the char BGP_DUMP[256] and char
AFRINIC_EXT[256] global variables to match the
pathing to the relevant files.</div>
<div><br>
</div>
<div>Note that there is some weirdness in this code to
deal with endianness - and I will openly admit its
not the cleanest (or probably most efficient) code -
but it does work and I've verified the results.</div>
<div><br>
</div>
<div>I've pasted the code below the results section.</div>
<div><br>
</div>
<div>So - first the results:</div>
<div><br>
</div>
<div>Found 824064 total available addresses and
4482304 total reserved addresses<br>
<a href="http://41.57.124.0/22" target="_blank"
moz-do-not-send="true">41.57.124.0/22</a> fell
between reserved range 41.57.124.0 ->
41.57.127.255 [Adding 1024 addresses to potential
hijack]<br>
<a href="http://41.57.124.0/23" target="_blank"
moz-do-not-send="true">41.57.124.0/23</a> fell
between reserved range 41.57.124.0 ->
41.57.127.255 [Adding 512 addresses to potential
hijack]<br>
<a href="http://41.57.124.0/24" target="_blank"
moz-do-not-send="true">41.57.124.0/24</a> fell
between reserved range 41.57.124.0 ->
41.57.127.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.57.125.0/24" target="_blank"
moz-do-not-send="true">41.57.125.0/24</a> fell
between reserved range 41.57.124.0 ->
41.57.127.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.57.126.0/24" target="_blank"
moz-do-not-send="true">41.57.126.0/24</a> fell
between reserved range 41.57.124.0 ->
41.57.127.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.57.127.0/24" target="_blank"
moz-do-not-send="true">41.57.127.0/24</a> fell
between reserved range 41.57.124.0 ->
41.57.127.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.77.64.0/21" target="_blank"
moz-do-not-send="true">41.77.64.0/21</a> fell
between reserved range 41.77.64.0 -> 41.77.71.255
[Adding 2048 addresses to potential hijack]<br>
<a href="http://41.138.192.0/24" target="_blank"
moz-do-not-send="true">41.138.192.0/24</a> fell
between reserved range 41.138.192.0 ->
41.138.223.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.224.0/24" target="_blank"
moz-do-not-send="true">41.204.224.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.225.0/24" target="_blank"
moz-do-not-send="true">41.204.225.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.226.0/24" target="_blank"
moz-do-not-send="true">41.204.226.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.227.0/24" target="_blank"
moz-do-not-send="true">41.204.227.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.228.0/24" target="_blank"
moz-do-not-send="true">41.204.228.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.229.0/24" target="_blank"
moz-do-not-send="true">41.204.229.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.230.0/24" target="_blank"
moz-do-not-send="true">41.204.230.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.231.0/24" target="_blank"
moz-do-not-send="true">41.204.231.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.232.0/24" target="_blank"
moz-do-not-send="true">41.204.232.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.233.0/24" target="_blank"
moz-do-not-send="true">41.204.233.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.234.0/24" target="_blank"
moz-do-not-send="true">41.204.234.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.235.0/24" target="_blank"
moz-do-not-send="true">41.204.235.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.236.0/24" target="_blank"
moz-do-not-send="true">41.204.236.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.237.0/24" target="_blank"
moz-do-not-send="true">41.204.237.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.238.0/24" target="_blank"
moz-do-not-send="true">41.204.238.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.239.0/24" target="_blank"
moz-do-not-send="true">41.204.239.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.240.0/24" target="_blank"
moz-do-not-send="true">41.204.240.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.241.0/24" target="_blank"
moz-do-not-send="true">41.204.241.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.242.0/24" target="_blank"
moz-do-not-send="true">41.204.242.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.243.0/24" target="_blank"
moz-do-not-send="true">41.204.243.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.244.0/24" target="_blank"
moz-do-not-send="true">41.204.244.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.245.0/24" target="_blank"
moz-do-not-send="true">41.204.245.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.246.0/24" target="_blank"
moz-do-not-send="true">41.204.246.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.247.0/24" target="_blank"
moz-do-not-send="true">41.204.247.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.248.0/24" target="_blank"
moz-do-not-send="true">41.204.248.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.249.0/24" target="_blank"
moz-do-not-send="true">41.204.249.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.250.0/24" target="_blank"
moz-do-not-send="true">41.204.250.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.251.0/24" target="_blank"
moz-do-not-send="true">41.204.251.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.254.0/24" target="_blank"
moz-do-not-send="true">41.204.254.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.204.255.0/24" target="_blank"
moz-do-not-send="true">41.204.255.0/24</a> fell
between reserved range 41.204.224.0 ->
41.204.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.224.0/19" target="_blank"
moz-do-not-send="true">41.205.224.0/19</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 8192 addresses to potential
hijack]<br>
<a href="http://41.205.225.0/24" target="_blank"
moz-do-not-send="true">41.205.225.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.232.0/24" target="_blank"
moz-do-not-send="true">41.205.232.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.234.0/24" target="_blank"
moz-do-not-send="true">41.205.234.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.235.0/24" target="_blank"
moz-do-not-send="true">41.205.235.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.237.0/24" target="_blank"
moz-do-not-send="true">41.205.237.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.238.0/24" target="_blank"
moz-do-not-send="true">41.205.238.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.205.239.0/24" target="_blank"
moz-do-not-send="true">41.205.239.0/24</a> fell
between reserved range 41.205.224.0 ->
41.205.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://41.220.48.0/20" target="_blank"
moz-do-not-send="true">41.220.48.0/20</a> fell
between reserved range 41.220.48.0 ->
41.220.63.255 [Adding 4096 addresses to potential
hijack]<br>
<a href="http://80.88.6.0/24" target="_blank"
moz-do-not-send="true">80.88.6.0/24</a> fell
between reserved range 80.88.6.0 -> 80.88.6.255
[Adding 256 addresses to potential hijack]<br>
<a href="http://102.128.74.0/24" target="_blank"
moz-do-not-send="true">102.128.74.0/24</a> fell
between reserved range 102.128.72.0 ->
102.128.75.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.135.164.0/24" target="_blank"
moz-do-not-send="true">102.135.164.0/24</a> fell
between reserved range 102.135.164.0 ->
102.135.167.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.135.165.0/24" target="_blank"
moz-do-not-send="true">102.135.165.0/24</a> fell
between reserved range 102.135.164.0 ->
102.135.167.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.135.166.0/24" target="_blank"
moz-do-not-send="true">102.135.166.0/24</a> fell
between reserved range 102.135.164.0 ->
102.135.167.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.219.128.0/24" target="_blank"
moz-do-not-send="true">102.219.128.0/24</a> fell
between reserved range 102.219.128.0 ->
102.219.131.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.219.129.0/24" target="_blank"
moz-do-not-send="true">102.219.129.0/24</a> fell
between reserved range 102.219.128.0 ->
102.219.131.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.219.130.0/24" target="_blank"
moz-do-not-send="true">102.219.130.0/24</a> fell
between reserved range 102.219.128.0 ->
102.219.131.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://102.221.148.0/22" target="_blank"
moz-do-not-send="true">102.221.148.0/22</a> fell
between reserved range 102.221.144.0 ->
102.221.151.255 [Adding 1024 addresses to potential
hijack]<br>
<a href="http://156.0.254.0/24" target="_blank"
moz-do-not-send="true">156.0.254.0/24</a> fell
between reserved range 156.0.254.0 ->
156.0.254.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://160.119.208.0/24" target="_blank"
moz-do-not-send="true">160.119.208.0/24</a> fell
between reserved range 160.119.208.0 ->
160.119.211.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://160.119.209.0/24" target="_blank"
moz-do-not-send="true">160.119.209.0/24</a> fell
between reserved range 160.119.208.0 ->
160.119.211.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://164.160.192.0/21" target="_blank"
moz-do-not-send="true">164.160.192.0/21</a> fell
between reserved range 164.160.192.0 ->
164.160.223.255 [Adding 2048 addresses to potential
hijack]<br>
<a href="http://169.255.164.0/22" target="_blank"
moz-do-not-send="true">169.255.164.0/22</a> fell
between reserved range 169.255.164.0 ->
169.255.167.255 [Adding 1024 addresses to potential
hijack]<br>
<a href="http://193.188.7.0/24" target="_blank"
moz-do-not-send="true">193.188.7.0/24</a> fell
between reserved range 193.188.7.0 ->
193.188.7.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.13.203.0/24" target="_blank"
moz-do-not-send="true">196.13.203.0/24</a> fell
between reserved range 196.13.203.0 ->
196.13.203.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.20.60.0/24" target="_blank"
moz-do-not-send="true">196.20.60.0/24</a> fell
between reserved range 196.20.32.0 ->
196.20.63.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.20.61.0/24" target="_blank"
moz-do-not-send="true">196.20.61.0/24</a> fell
between reserved range 196.20.32.0 ->
196.20.63.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.20.62.0/24" target="_blank"
moz-do-not-send="true">196.20.62.0/24</a> fell
between reserved range 196.20.32.0 ->
196.20.63.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.41.74.0/24" target="_blank"
moz-do-not-send="true">196.41.74.0/24</a> fell
between reserved range 196.41.74.0 ->
196.41.74.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.43.252.0/24" target="_blank"
moz-do-not-send="true">196.43.252.0/24</a> fell
between reserved range 196.43.252.0 ->
196.43.252.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.46.18.0/24" target="_blank"
moz-do-not-send="true">196.46.18.0/24</a> fell
between reserved range 196.46.18.0 ->
196.46.19.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.46.19.0/24" target="_blank"
moz-do-not-send="true">196.46.19.0/24</a> fell
between reserved range 196.46.18.0 ->
196.46.19.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.46.152.0/24" target="_blank"
moz-do-not-send="true">196.46.152.0/24</a> fell
between reserved range 196.46.152.0 ->
196.46.159.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.46.153.0/24" target="_blank"
moz-do-not-send="true">196.46.153.0/24</a> fell
between reserved range 196.46.152.0 ->
196.46.159.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.46.154.0/23" target="_blank"
moz-do-not-send="true">196.46.154.0/23</a> fell
between reserved range 196.46.152.0 ->
196.46.159.255 [Adding 512 addresses to potential
hijack]<br>
<a href="http://196.50.21.0/24" target="_blank"
moz-do-not-send="true">196.50.21.0/24</a> fell
between reserved range 196.50.21.0 ->
196.50.21.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.53.113.0/24" target="_blank"
moz-do-not-send="true">196.53.113.0/24</a> fell
between reserved range 196.52.0.0 ->
196.55.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.54.72.0/23" target="_blank"
moz-do-not-send="true">196.54.72.0/23</a> fell
between reserved range 196.52.0.0 ->
196.55.255.255 [Adding 512 addresses to potential
hijack]<br>
<a href="http://196.55.102.0/23" target="_blank"
moz-do-not-send="true">196.55.102.0/23</a> fell
between reserved range 196.52.0.0 ->
196.55.255.255 [Adding 512 addresses to potential
hijack]<br>
<a href="http://196.63.243.0/24" target="_blank"
moz-do-not-send="true">196.63.243.0/24</a> fell
between reserved range 196.62.0.0 ->
196.63.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.195.4.0/24" target="_blank"
moz-do-not-send="true">196.195.4.0/24</a> fell
between reserved range 196.194.0.0 ->
196.195.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.195.15.0/24" target="_blank"
moz-do-not-send="true">196.195.15.0/24</a> fell
between reserved range 196.194.0.0 ->
196.195.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://196.195.253.0/24" target="_blank"
moz-do-not-send="true">196.195.253.0/24</a> fell
between reserved range 196.194.0.0 ->
196.195.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://197.157.200.0/22" target="_blank"
moz-do-not-send="true">197.157.200.0/22</a> fell
between reserved range 197.157.200.0 ->
197.157.203.255 [Adding 1024 addresses to potential
hijack]<br>
<a href="http://197.231.248.0/22" target="_blank"
moz-do-not-send="true">197.231.248.0/22</a> fell
between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 1024 addresses to potential
hijack]<br>
<a href="http://197.231.248.0/24" target="_blank"
moz-do-not-send="true">197.231.248.0/24</a> fell
between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://197.231.249.0/24" target="_blank"
moz-do-not-send="true">197.231.249.0/24</a> fell
between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://197.231.250.0/24" target="_blank"
moz-do-not-send="true">197.231.250.0/24</a> fell
between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://197.231.251.0/24" target="_blank"
moz-do-not-send="true">197.231.251.0/24</a> fell
between reserved range 197.231.248.0 ->
197.231.251.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://197.234.208.0/24" target="_blank"
moz-do-not-send="true">197.234.208.0/24</a> fell
between reserved range 197.234.208.0 ->
197.234.215.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.224.0/24" target="_blank"
moz-do-not-send="true">212.12.224.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.225.0/24" target="_blank"
moz-do-not-send="true">212.12.225.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.226.0/24" target="_blank"
moz-do-not-send="true">212.12.226.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.227.0/24" target="_blank"
moz-do-not-send="true">212.12.227.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.229.0/24" target="_blank"
moz-do-not-send="true">212.12.229.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.231.0/24" target="_blank"
moz-do-not-send="true">212.12.231.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.232.0/24" target="_blank"
moz-do-not-send="true">212.12.232.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.233.0/24" target="_blank"
moz-do-not-send="true">212.12.233.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.234.0/24" target="_blank"
moz-do-not-send="true">212.12.234.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.235.0/24" target="_blank"
moz-do-not-send="true">212.12.235.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.236.0/24" target="_blank"
moz-do-not-send="true">212.12.236.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.237.0/24" target="_blank"
moz-do-not-send="true">212.12.237.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.238.0/24" target="_blank"
moz-do-not-send="true">212.12.238.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.239.0/24" target="_blank"
moz-do-not-send="true">212.12.239.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.240.0/24" target="_blank"
moz-do-not-send="true">212.12.240.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.241.0/24" target="_blank"
moz-do-not-send="true">212.12.241.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.242.0/24" target="_blank"
moz-do-not-send="true">212.12.242.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.243.0/24" target="_blank"
moz-do-not-send="true">212.12.243.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.244.0/24" target="_blank"
moz-do-not-send="true">212.12.244.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.245.0/24" target="_blank"
moz-do-not-send="true">212.12.245.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.246.0/24" target="_blank"
moz-do-not-send="true">212.12.246.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.247.0/24" target="_blank"
moz-do-not-send="true">212.12.247.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.248.0/24" target="_blank"
moz-do-not-send="true">212.12.248.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.249.0/24" target="_blank"
moz-do-not-send="true">212.12.249.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.250.0/24" target="_blank"
moz-do-not-send="true">212.12.250.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.251.0/24" target="_blank"
moz-do-not-send="true">212.12.251.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.252.0/24" target="_blank"
moz-do-not-send="true">212.12.252.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.254.0/24" target="_blank"
moz-do-not-send="true">212.12.254.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
<a href="http://212.12.255.0/24" target="_blank"
moz-do-not-send="true">212.12.255.0/24</a> fell
between reserved range 212.12.224.0 ->
212.12.255.255 [Adding 256 addresses to potential
hijack]<br>
Found 50176 potentially hijacked addresses</div>
<div><br>
</div>
<div>--- Below here is the code (I didn't know if I
could send attachments to the RPD list so I just
pasted the code straight) ---</div>
<div><br>
</div>
<div>//<br>
// main.c<br>
// AfrinicAudit<br>
//<br>
// Created by Andrew Alston on 15/10/2025.<br>
// Code is considered open use with no
restrictions.<br>
//<br>
<br>
#include <stdlib.h><br>
#include <stdio.h><br>
#include <string.h><br>
#include <arpa/inet.h><br>
<br>
char BGP_DUMP[256] =
"/Users/aalston/audit/bgp.dump.txt";<br>
char AFRINIC_EXT[256] =
"/Users/aalston/audit/delegated-afrinic-extended-latest";<br>
<br>
struct routes {<br>
unsigned int network;<br>
unsigned int broadcast;<br>
unsigned int mask;<br>
unsigned short cidr;<br>
};<br>
<br>
struct audit {<br>
struct routes *dfz;<br>
int dfz_count;<br>
struct routes *reserved;<br>
int total_resv;<br>
int rc;<br>
struct routes *available;<br>
int total_avail;<br>
int ac;<br>
};<br>
<br>
int parse_afrinic_extended(char *afext, struct audit
*output) {<br>
FILE *dump = fopen(afext, "r");<br>
if(!dump)<br>
return -1;<br>
char buffer[1024] = {0};<br>
char *delim;<br>
output->rc = 0;<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "reserved") && strstr(buffer,
"ipv4")) {<br>
output->rc++;<br>
}<br>
}<br>
output->reserved = calloc(output->rc,
sizeof(struct routes));<br>
if(!output->reserved)<br>
return -1;<br>
output->rc = 0;<br>
struct routes *resv = output->reserved;<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "reserved") && strstr(buffer,
"ipv4")) {<br>
delim = strtok(buffer, "|");<br>
for(int i = 0; i < 3; i++)<br>
delim = strtok(NULL, "|");<br>
inet_pton(AF_INET, delim,
&resv[output->rc].network);<br>
resv[output->rc].network =
__builtin_bswap32(resv[output->rc].network);<br>
delim = strtok(NULL, "|");<br>
unsigned int addr_count = atoi(delim);<br>
output->total_resv += addr_count;<br>
resv[output->rc].broadcast =
resv[output->rc].network+(addr_count-1);<br>
resv[output->rc].network =
__builtin_bswap32(resv[output->rc].network);<br>
resv[output->rc].broadcast =
__builtin_bswap32(resv[output->rc].broadcast);<br>
resv[output->rc].mask =
~__builtin_bswap32((unsigned int)addr_count-1);<br>
output->rc++;<br>
}<br>
}<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "available") &&
strstr(buffer, "ipv4")) {<br>
output->ac++;<br>
}<br>
}<br>
output->available = calloc(output->ac,
sizeof(struct routes));<br>
if(!output->available)<br>
return -1;<br>
struct routes *avail = output->available;<br>
rewind(dump);<br>
while(fgets(buffer, 1024, dump)) {<br>
if(strstr(buffer, "ZZ") &&
strstr(buffer, "available") &&
strstr(buffer, "ipv4")) {<br>
delim = strtok(buffer, "|");<br>
for(int i = 0; i < 3; i++)<br>
delim = strtok(NULL, "|");<br>
inet_pton(AF_INET, delim,
&avail[output->ac].network);<br>
avail[output->ac].network =
__builtin_bswap32(avail[output->ac].network);<br>
delim = strtok(NULL, "|");<br>
unsigned int addr_count = atoi(delim);<br>
output->total_avail += addr_count;<br>
avail[output->ac].broadcast =
avail[output->ac].network+(addr_count-1);<br>
avail[output->ac].mask =
~__builtin_bswap32((unsigned int)addr_count-1);<br>
output->ac++;<br>
}<br>
}<br>
fclose(dump);<br>
return 0;<br>
}<br>
<br>
int parse_dfz(char *dfz_dump, struct audit *output)
{<br>
FILE *dump = fopen(dfz_dump, "r");<br>
char buffer[1024] = {0};<br>
int rc = 0, mult = 0, cidr = 0;<br>
char *delim;<br>
if(!dump) {<br>
return -1;<br>
}<br>
while(fgets(buffer, 1024, dump)) {<br>
if(buffer[0] >= '1' && buffer[0]
<= '9' && strtok(buffer, "/") &&
strchr(buffer, '.')) {<br>
rc++;<br>
}<br>
}<br>
output->dfz = calloc(rc, sizeof(struct
routes));<br>
output->dfz_count = rc;<br>
if(!output->dfz) {<br>
return -1;<br>
}<br>
rewind(dump);<br>
rc = 0;<br>
while(fgets(buffer, 1024, dump)) {<br>
if(buffer[0] >= '1' && buffer[0]
<= '9') {<br>
cidr = 0;<br>
delim = strtok(buffer, "/");<br>
delim = strtok(NULL, "/");<br>
if(!delim) {<br>
memset(buffer, 0, 1024);<br>
continue;<br>
}<br>
mult = 1;<br>
for(int i = 0; i < 3; i++) {<br>
if(delim[i] >= '0' &&
delim[i] <= '9') {<br>
cidr = cidr *
mult+(9-('9'-delim[i]));<br>
mult*=10;<br>
}<br>
}<br>
delim = strchr(buffer, '.');<br>
if(!delim) {<br>
memset(buffer, 0, 1024);<br>
continue;<br>
}<br>
output->dfz[rc].cidr = cidr;<br>
inet_pton(AF_INET, buffer,
&output->dfz[rc].network);<br>
output->dfz[rc].cidr = cidr;<br>
output->dfz[rc].network =
__builtin_bswap32((unsigned
int)output->dfz[rc].network);<br>
output->dfz[rc].mask = (~(unsigned
int)0) << (32-cidr);<br>
output->dfz[rc].broadcast =
output->dfz[rc].network + ((~(unsigned int)0)
>> cidr);<br>
output->dfz[rc].network =
__builtin_bswap32((unsigned
int)output->dfz[rc].network);<br>
output->dfz[rc].broadcast =
__builtin_bswap32((unsigned
int)output->dfz[rc].broadcast);<br>
rc++;<br>
memset(buffer, 0, 1024);<br>
}<br>
}<br>
fclose(dump);<br>
return 0;<br>
}<br>
<br>
int audit_reserved(struct audit *data) {<br>
int hijack_count = 0;<br>
for(int i = 0; i < data->dfz_count; i++) {<br>
unsigned int dfz_net =
__builtin_bswap32((unsigned
int)data->dfz[i].network);<br>
unsigned int dfz_bcast =
__builtin_bswap32((unsigned
int)data->dfz[i].broadcast);<br>
for(int r = 0; r < data->rc; r++) {<br>
unsigned int resv_net =
__builtin_bswap32((unsigned
int)data->reserved[r].network);<br>
unsigned int resv_bcast =
__builtin_bswap32((unsigned
int)data->reserved[r].broadcast);<br>
if(dfz_net >= resv_net &&
dfz_net <= resv_bcast) {<br>
hijack_count +=
((dfz_bcast-dfz_net)+1);<br>
char dfz_route[INET_ADDRSTRLEN] =
{0};<br>
char resv_network[INET_ADDRSTRLEN] =
{0};<br>
char resv_broadcast[INET_ADDRSTRLEN]
= {0};<br>
inet_ntop(AF_INET,
&data->dfz[i].network, dfz_route,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&data->reserved[r].network, resv_network,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET,
&data->reserved[r].broadcast, resv_broadcast,
INET_ADDRSTRLEN);<br>
printf("%s/%d fell between reserved
range %s -> %s [Adding %d addresses to potential
hijack]\n",<br>
dfz_route,
data->dfz[i].cidr, resv_network, resv_broadcast,
(dfz_bcast-dfz_net)+1);<br>
}<br>
}<br>
for(int a = 0; a < data->ac; a++) {<br>
unsigned int avail_net =
__builtin_bswap32((unsigned
int)data->available[a].network);<br>
unsigned int avail_bcast =
__builtin_bswap32((unsigned
int)data->available[a].broadcast);<br>
if(dfz_net >=
data->available[a].network && dfz_net
<= data->available[a].broadcast) {<br>
hijack_count +=
((data->available[a].broadcast-data->available[a].network)+1);<br>
char dfz_route[INET_ADDRSTRLEN] =
{0};<br>
char avail_network[INET_ADDRSTRLEN]
= {0};<br>
char
avail_broadcast[INET_ADDRSTRLEN] = {0};<br>
inet_ntop(AF_INET,
&data->dfz[i].network, dfz_route,
INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET, &avail_net,
avail_network, INET_ADDRSTRLEN);<br>
inet_ntop(AF_INET, &avail_bcast,
avail_broadcast, INET_ADDRSTRLEN);<br>
printf("%s/%d fell between available
range %s -> %s\n", dfz_route,
data->dfz[i].cidr, avail_network,
avail_broadcast);<br>
}<br>
}<br>
}<br>
printf("Found %d potentially hijacked
addresses\n", hijack_count);<br>
return 0;<br>
}<br>
<br>
int main(int argc, const char * argv[]) {<br>
struct audit data = {0};<br>
if(parse_dfz(BGP_DUMP, &data))<br>
return EXIT_FAILURE;<br>
if(parse_afrinic_extended(AFRINIC_EXT,
&data))<br>
return EXIT_FAILURE;<br>
printf("Found %d total available addresses and
%d total reserved addresses\n", data.total_avail,
data.total_resv);<br>
audit_reserved(&data);<br>
return EXIT_SUCCESS;<br>
}<br>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
RPD mailing list
<a href="mailto:RPD@afrinic.net" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">RPD@afrinic.net</a>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
RPD mailing list<br>
<a href="mailto:RPD@afrinic.net" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">RPD@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo/rpd"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.afrinic.net/mailman/listinfo/rpd</a><br>
</blockquote>
</div>
</blockquote>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre wrap="" class="moz-quote-pre">_______________________________________________
RPD mailing list
<a class="moz-txt-link-abbreviated" href="mailto:RPD@afrinic.net">RPD@afrinic.net</a>
<a class="moz-txt-link-freetext" href="https://lists.afrinic.net/mailman/listinfo/rpd">https://lists.afrinic.net/mailman/listinfo/rpd</a>
</pre>
</blockquote>
</body>
</html>