Hi,
I posted my initial e-mail 24 hours ago to NANOG but the moderation took a
while and RADB has since removed all entries for this now unallocated /14.
They deleted an incredible 408 records. Thanks a lot for this action RADB!
However, seems like isp's are already making new RADB entries for..
unallocated ipv4 space... created today.. 20210120
https://www.radb.net/query?advanced_query=1&keywords=-M+196.52.0.0%2F14&-T+option=&ip_option=&-i+option=&db=RADB There is also a bunch of RIPE-NONAUTH and ARIN-NONAUTH that is awaiting
cleanup by RIPE and ARIN, they have been notified.
For a little background on this now revoked 196.52.0.0/14
https://afnog.org/pipermail/afnog/2020-December/004056.html https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/ However this doesn't matter to me, I'm merely trying to get ~350
unallocated prefixes that are currently routed by ~70 ASNs.
This has nothing to do with " attempts to lockdown African Internet access
by various political factions, for example the situation in Uganda."
I believe that since 20 December 2020, a little bit after RFG's afrinic
post, the whois on that prefix changed and included a note:
> inetnum: 196.52.0.0 - 196.55.255.255
> netname: LogicWeb-Inc
> descr: LogicWeb Inc.
> descr: 3003 Woodbridge Ave
> descr: Edison, NJ 08837
> country: ZA
> remarks: ============REMARK====================
> remarks: The custodianship of this IP prefix is presently
> remarks: in dispute. A police investigation is on-going
> remarks: and AFRINIC reserves the right to
> remarks: reclaim this IP prefix at anytime.
> remarks: ============REMARK====================
>
However due to AFRINIC and their lack of "last-modified", i don't know when
exactly And about 4 days ago it got revoked by AFRINIC and became
UNALLOCATED.
Many other /14's also got this note recently.
And yes Matt Harris, parts of this /14 were announced by logicweb
themselves, but parts were also being leased out to end users for prices as
low as 35$ per month for a /24.
I doubt that even 1% of this /14 was ever announced in the AFRINIC region.
LogicWeb is now sending the following reply to their ip-lease customers and
the isp's were they directly announce, including strange claims such as
"The original LOA we provided you is valid." while it's literally
unallocated.
https://pastebin.com/raw/BUvY003C Greetings,
Ostap
On Wed, Jan 20, 2021 at 9:14 PM Matt Harris <matt@netfire.net> wrote:
> Matt Harris
> | Infrastructure Lead Engineer
> 816?256?5446
> | Direct
> Looking for something?
> *Helpdesk Portal* <https://help.netfire.net/>
> | *Email Support* <help@netfire.net>
> | *Billing Portal* <https://my.netfire.net/>
> We build and deliver end?to?end IT solutions.
> On Wed, Jan 20, 2021 at 10:56 AM Mel Beckman <mel@beckman.org> wrote:
>
>> Ostap,
>>
>> Why was this prefix revoked? And what is your interest in the matter? I
>> ask because, of late, there have been attempts to lockdown African Internet
>> access by various political factions, for example the situation in Uganda.
>>
>> -mel
>>
>
> It's looking like this block had been (probably fraudulently) parceled out
> and sold in small chunks to legitimate-but-gullible companies? The first
> /24 out of it and another latter /24 are advertised by a rural Nebraska
> WISP with a single-homed upstream to a company that I know to be legitimate
> who had added their entry to RADB for their customer. Most of the other
> chunks look to be advertised by random seemingly-legitimate organizations
> too.
>
> When this space stops routing, there's going to be a big mess and I'm
> pretty sure a lot of lawsuits.
>
> Ooof.
>
>