Re: RADB contact needed

[Ostap Efremov <kkind690 () gmail com>]

Hi,

I posted my initial e-mail 24 hours ago to NANOG but the moderation took a
while and RADB has since removed all entries for this now unallocated /14.
They deleted an incredible 408 records. Thanks a lot for this action RADB!
However, seems like isp's are already making new RADB entries for..
unallocated ipv4 space... created today.. 20210120
https://www.radb.net/query?advanced_query=1&keywords=-M+196.52.0.0%2F14&-T+option=&ip_option=&-i+option=&db=RADB
There is also a bunch of RIPE-NONAUTH and ARIN-NONAUTH that is awaiting
cleanup by RIPE and ARIN, they have been notified.

For a little background on this now revoked 196.52.0.0/14
https://afnog.org/pipermail/afnog/2020-December/004056.html
https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/
However this doesn't matter to me, I'm merely trying to get ~350
unallocated prefixes that are currently routed by ~70 ASNs.
This has nothing to do with " attempts to lockdown African Internet access
by various political factions, for example the situation in Uganda."
I believe that since 20 December 2020, a little bit after RFG's afrinic
post, the whois on that prefix changed and included a note:

> inetnum:        196.52.0.0 - 196.55.255.255
> netname:        LogicWeb-Inc
> descr:          LogicWeb Inc.
> descr:          3003 Woodbridge Ave
> descr:          Edison, NJ 08837
> country:        ZA
> remarks:        ============REMARK====================
> remarks:        The custodianship of this IP prefix is presently
> remarks:        in dispute. A police investigation is on-going
> remarks:        and AFRINIC reserves the right to
> remarks:        reclaim this IP prefix at anytime.
> remarks:        ============REMARK====================
However due to AFRINIC and their lack of "last-modified", i don't know when
exactly  And about 4 days ago it got revoked by AFRINIC and became
UNALLOCATED.
Many other /14's also got this note recently.
And yes Matt Harris, parts of this /14 were announced by logicweb
themselves, but parts were also being leased out to end users for prices as
low as 35$ per month for a /24.
I doubt that even 1% of this /14 was ever announced in the AFRINIC region.
LogicWeb is now sending the following reply to their ip-lease customers and
the isp's were they directly announce, including strange claims such as
"The original LOA we provided you is valid." while it's literally
unallocated.
https://pastebin.com/raw/BUvY003C

Greetings,
Ostap

On Wed, Jan 20, 2021 at 9:14 PM Matt Harris <matt () netfire net> wrote:

> Matt Harris
> | Infrastructure Lead Engineer
> 816‑256‑5446
> | Direct
> Looking for something?
> *Helpdesk Portal* <https://help.netfire.net/>
> | *Email Support* <help () netfire net>
> | *Billing Portal* <https://my.netfire.net/>
> We build and deliver end‑to‑end IT solutions.
> On Wed, Jan 20, 2021 at 10:56 AM Mel Beckman <mel () beckman org> wrote:
>
> > Ostap,
> >
> > Why was this prefix revoked? And what is your interest in the matter?  I
> > ask because, of late, there have been attempts to lockdown African Internet
> > access by various political factions, for example the situation in Uganda.
> >
> >  -mel
>
> It's looking like this block had been (probably fraudulently) parceled out
> and sold in small chunks to legitimate-but-gullible companies? The first
> /24 out of it and another latter /24 are advertised by a rural Nebraska
> WISP with a single-homed upstream to a company that I know to be legitimate
> who had added their entry to RADB for their customer. Most of the other
> chunks look to be advertised by random seemingly-legitimate organizations
> too.
>
> When this space stops routing, there's going to be a big mess and I'm
> pretty sure a lot of lawsuits.
>
> Ooof.