"AFRINIC has taken actions and kept its stakeholders informed about the situation. Infrastructural improvements on its database have been implemented and the operational business rules and procedures have been reviewed, including but not limited to a review of infrastructural user access."

 

Introduction

AFRINIC undertook an audit of all IPv4 number resources, which consisted of verifying the rightful custodianship of those resources. The audit verified the processes adopted for the allocation of IPv4 number resources which covered both legacy and non-legacy resources that fall under AFRINIC’s service region.

AFRINIC has taken actions and kept its stakeholders informed about the situation, brought about infrastructural improvements on its database, reviewed its operational business rules and procedures, including but not limited to a review of infrastructural user access.

Finally, the report provided some recommendations which will assist AFRINIC in ensuring an accurate WHOIS Database.

 

Read the report.

 


 

What Happened

The misappropriation of IP number resources in AFRINIC’s WHOIS Database was brought to light around mid-2019. Following an internal investigation, a former employee was found to have misappropriated IP number resources forming part of AFRINIC’s pool of resources. This matter was reported to the Mauritian Central Criminal Investigation Division, and an enquiry is presently ongoing.

 

What we found

The audit reveals that 2,371,584 IPv4 addresses were misappropriated from AFRINIC’s pool of resources and attributed to organisations without justification.

A total of 1,060,864 IPv4 resources have been reclaimed, i.e. deregistered from the AFRINIC WHOIS Database, and are presently in ‘quarantine’ for a period of 12 months. Following the ‘quarantine’ period, the resources may be added to AFRINIC’s pool of resources available for new allocations.

A total of 1,310,720 IPv4 resources, related to two distinct organisations, are yet to be reclaimed due to ongoing due diligence.

With regard to misappropriation of IPv4 legacy space, 1,799,168 IPv4 addresses deemed to be legacy address space appeared to have been compromised, and actions have been taken to contact the source-holders:

  1. 394,496 legacy IPv4 addresses have subsequently been consolidated at the request of the holding company of the organisations to which the resources were registered;
  2. Unsubstantiated changes to 467,968 legacy IPv4 addresses have been reversed;
  3. 936,704 legacy IPv4 addresses are currently under dispute and pending determination of rightful custodianship.

 

What is being done to keep this from happening again?

Following the findings of the audit, AFRINIC took several remedial actions such as reinforcing internal and external processes and adding multiple layers of verification to our IP allocation and database update processes. Here is what has been done so far by AFRINIC.

  • We communicated regularly through email updates and blog articles to keep our stakeholders informed about the situation. All concerned organisations were informed to take appropriate measures to protect the custodianship of the resources they hold.
  • AFRINIC undertook a review of its current processes relating to its core function and made various improvements in the control mechanisms for the management of Internet number resources. These covered the adoption of a fraud and corruption policy, the introduction of a whistleblowing mechanism, and many more.
  • Our current business rules now provide better support to legacy resource holders, such that proper verification for legacy resource holders will be conducted before any updates are made to the records on the AFRINIC WHOIS database.
  • Resource members have to meet new checks to comply with AFRINIC’s internal business process and policies: only registered contacts are allowed to request service support, verify domain name registration information, and cross-verify company registration information where those services are available.
  • AFRINIC has been reinforcing its internal capacity and has embarked on a training program for staff members in the registration services. This is ongoing to ensure that all team members are capable of diligently evaluating the requests and also able to identify any risks involved.
  • The WHOIS Database has been upgraded with authentication mechanisms with additional safety features. Staff authorised to perform changes to records on MyAfrinic and WHOIS databases authenticate such changes using their PGP key. Power maintainers only use PGP authentication. All Resource Holders have also been instructed to adopt secure password mechanisms.
  • Additional layers of control for systems privileges for the staff in the Registration Services department have been implemented.
  • AFRINIC has a mechanism in place that ensures all objects in its WHOIS Database are protected by a maintainer (auto-generated for person and role objects).
  • AFRINIC also regularly monitors inconsistencies in its databases through reports which are generated daily. The Registration Services Team is informed when inconsistencies are detected between the resource file entries and the registry database.

  

How can we contribute to making things better

As a result of the audit that was carried out on the accuracy of the AFRINIC WHOIS Database, the following recommendations were made:

  • The report recommends that all Resource Members keep their contact information updated.
  • The report recommends that organisations ensure that their details appearing on AFRINIC’s WHOIS Database are kept up to date at all times.
  • The report recommends that AFRINIC devote resources to ensure that Legacy Resource Holders’ requests are attended to within the service timelines.
  • The report recommends that the AFRINIC community critically assess how best the accuracy of the information pertaining to Legacy Resource Holders can be improved and considers whether unused legacy resources should be left idle while AFRINIC exhausts its remaining pool of IPv4 addresses.
  • The report also recommends that policies which may assist AFRINIC in ensuring at all times an accurate WHOIS Database are developed.

 

What’s Next

AFRINIC is committed to effectively executing the recommendations highlighted in the report. As the Regional Internet Registry (RIR) for Africa and the Indian Ocean region, AFRINIC relies on the support and inputs of its community to implement those recommendations and improve the accuracy and security of the WHOIS Database.

As we move forward, AFRINIC will keep its community informed about any improvements it brings along on the WHOIS Database.

 

 

AFRINIC undertook an audit of all IPv4 number resources, which consisted of verifying the rightful custodianship of those resources. The audit also verifies the processes adopted for the allocation of IPv4 number resources and includes both legacy and non-legacy resources that fall under AFRINIC’s service region.

The report also highlights the actions taken by AFRINIC, so far, to keep its stakeholders informed about the situation, infrastructural improvements regarding its database, a review of its operational business rules and procedures, including but not limited to a review of infrastructural user access.

Finally, the report provides some recommendations which may assist AFRINIC in ensuring an accurate WHOIS database.

 

- Click here to read the full report

- Click here to read a summary of the report

 

 

 

Authentication mechanisms for a safer WHOIS Database

 

AFRINIC is currently engaged in several undertakings in line with our commitment to improving the security and accuracy of the WHOIS Database, following the misappropriation of IP addresses in the WHOIS Database.

One of the security challenges inherent to the operation of the WHOIS Database has been the continued support for MD5 and CRYPT authentication mechanisms and password hashing algorithms.

In 2017, partial deprecation of CRYPT and MD5 authentication mechanisms was done. Consequently, a user could no longer create or update their maintainer(s) with a password hashed using these algorithms.

However, existing passwords hashed by these algorithms could still be used to effect updates on database objects. Effective 12 December 2020, we shall fully deprecate support for CRYPT and MD5 authentication mechanisms. The passwords will no longer work for updating other objects, except to allow an update of the maintainer object with an acceptable authentication mechanism.

Going forward, users can work with any of the following recommended authentication mechanisms with their maintainers for WHOIS Database authentication:

  • BCRYPT
  • PGP key
  • X.509 key

This will be an added layer of safety in the WHOIS Database as we align with the current industry best practices for password hashing and storage. We encourage you to read more on maintainers here.

For any further inquiry and support on how to update the authentication mechanism, please contact us at hostmaster@afrinic.net.
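The deprecation described above can be checked ahead of the cut-off by scanning maintainer objects for the affected schemes. The following is an added example, not AFRINIC's code: it assumes RPSL-style `auth:` values whose first token is `MD5-PW`, `CRYPT-PW`, `BCRYPT-PW`, `PGPKEY-<id>` or `X509-<n>`, and the maintainer names and hash strings are constructed placeholders.

```python
"""Audit maintainer (mntner) objects for deprecated auth schemes."""
import re

# Scheme tokens are an assumption about the auth: attribute syntax.
DEPRECATED = {"MD5-PW", "CRYPT-PW"}
ACCEPTED_PREFIXES = ("BCRYPT-PW", "PGPKEY-", "X509-")

# Constructed sample input; names and hash strings are placeholders.
SAMPLE_DUMP = """\
mntner:   EXAMPLE-LEGACY-MNT
auth:     MD5-PW $1$placeholder$notarealhashvalue000000
auth:     CRYPT-PW placeholderAB
source:   AFRINIC

mntner:   EXAMPLE-MIXED-MNT
auth:     MD5-PW $1$placeholder$notarealhashvalue111111
auth:     PGPKEY-0A1B2C3D
source:   AFRINIC

mntner:   EXAMPLE-MODERN-MNT
auth:     BCRYPT-PW $2a$placeholder-not-a-real-hash
auth:     X509-1
source:   AFRINIC
"""


def parse_objects(text):
    """Split RPSL text into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if not line or line[0] in "#%":
                continue  # skip comments and server remarks
            if line[0] in " \t+":
                # Continuation line: fold into the previous attribute.
                if attrs:
                    key, val = attrs[-1]
                    attrs[-1] = (key, (val + " " + line[1:].strip()).strip())
                continue
            key, sep, val = line.partition(":")
            if sep:
                attrs.append((key.strip().lower(), val.strip()))
        if attrs:
            objects.append(attrs)
    return objects


def classify_auth(value):
    """Return 'deprecated', 'accepted' or 'unknown' for one auth: value."""
    tokens = value.split(None, 1)
    scheme = tokens[0].upper() if tokens else ""
    if scheme in DEPRECATED:
        return "deprecated"
    if scheme.startswith(ACCEPTED_PREFIXES):
        return "accepted"
    return "unknown"


def audit(text):
    """Map each maintainer name to the action its auth lines call for."""
    report = {}
    for attrs in parse_objects(text):
        if attrs[0][0] != "mntner":
            continue
        kinds = [classify_auth(v) for k, v in attrs if k == "auth"]
        has_old, has_ok = "deprecated" in kinds, "accepted" in kinds
        if has_old and not has_ok:
            status = "update-required"    # only deprecated credentials left
        elif has_old:
            status = "remove-deprecated"  # usable, but stale auth lines remain
        elif has_ok:
            status = "ok"
        else:
            status = "review"             # no recognised auth scheme
        report[attrs[0][1]] = status
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE_DUMP).items():
        print(f"{name}: {status}")
```

A maintainer reported as `update-required` holds only credentials that, after full deprecation, can do nothing except update the maintainer object itself with an acceptable mechanism.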

 

Eddy Kayihura was appointed to the position of Chief Executive Officer of AFRINIC in November 2019. Ashil Oogarah, AFRINIC’s communications team leader, sat down with Mr Kayihura to get his reflections on his year serving AFRINIC and its community, as well as his thoughts on the new AFRINIC Strategic Plan 2021-2023 and the role AFRINIC can play in developing the future of the Internet in the region.

On our Way to Building a Stable and Robust Internet in Africa

AFRINIC has the mandate to collaborate with its stakeholders to ensure the sustainable growth of a stable, secure and robust Internet in Africa. In order to deliver on the above, it is vital that AFRINIC engages with the public, civil and technical sectors in dialogues and forums around the development of the Internet in Africa. Despite the global pandemic that has grounded the world, AFRINIC had to get creative in its efforts to engage with the different stakeholder groups and communities throughout 2020. In this blog, we would like to share a quick recap of the activities and meetings we have participated and collaborated in regionally since the beginning of the year. 

 

“Covid 19 took us all by surprise and in these challenging times, like most organisations worldwide, we had to find means to respond to the current pandemic. This however did not deter our commitment to engage with our stakeholders in our service region. Our first virtual conference, AIS'20 Online, stood out and illustrated our effort in finding innovative ways to remain in touch with our partners and pursue our engagement activities throughout 2020 seamlessly,” says AFRINIC CEO Eddy Kayihura.

 

Governments and Intergovernmental Bodies

Maintaining good working relationships with African governments and intergovernmental bodies is key for guaranteeing that public policies are developed in line with the technological developments our membership is leading on the continent.

Within the framework of the African Union Agenda 2063, AFRINIC participated in a series of initiatives to collaborate with governments, ICT regulators and intergovernmental bodies on Internet development in Africa, including the Africa WSIS Meeting on “COVID-19 and examining it as a Catalyst to achieving the WSIS Action Lines in the attainment of the Agenda 2030 UN Sustainable Development Goals and the African Union Agenda 2063”.

AFRINIC has also been exploring with the International Telecommunications Union (ITU) Telecommunication Development Bureau several areas of collaboration with respect to the objectives of the MoU that was signed between AFRINIC and the ITU in 2014 on IPv6 use and its developmental role for Africa. AFRINIC’s Head of Stakeholder Engagement, Mr Arthur Cardinal, met with Mrs Doreen Bogdan-Martin, ITU-D Director. They discussed several topics including the promotion of IPv6 Deployment, as a critical requirement for the deployment of Broadband and smart cities in developing countries.

Further to the collaboration between AFRINIC and the ITU-Africa Bureau, AFRINIC participated in the Cybersecurity Regional web dialogue for Africa Webinar organised on 23 September 2020 by the Bureau.

AFRINIC works with the African Union Commission (AUC) as an observer on the Ministerial Conference on Communications and ICT (MCIT).

The African Union Commission, the Internet Society, and the African Telecommunications Union hosted the first webinar in the ‘African Internet Resilience’ series on the topic, ‘Internet Resilience in Africa in the context of COVID-19’.

On 1 June 2020, AFRINIC participated in this webinar, which assessed the growing impact of COVID-19 on livelihoods and work in Africa and examined the readiness of the continent’s Internet infrastructure to help mitigate those challenges. Mr Eddy Kayihura was a panellist in this event and gave a presentation on network traffic usage and trends in Africa during COVID-19.

AFRINIC also took part in the African Telecommunications Union’s (ATU) third Preparatory meeting for WTSA-20 that took place online from 27th - 30th July 2020.

We believe that the continued dialogue and the promotion of technical understanding with policymakers will work towards creating a synergy that can help bridge the gap between the technical and policy communities.

 

Collaboration with the Internet Society (ISOC)

AFRINIC and ISOC have been partners for many years and have collaborated on numerous projects. The two organisations have in the past conducted training and workshops focused on enhancing the capacity of African experts on Internet infrastructure, promoted and advocated for the expansion of Internet access across Africa, built community networks and Internet Exchange Points.

On 23 June AFRINIC participated in the webinar hosted by the Internet Society (ISOC) as they launched the "Anchoring the African Internet Ecosystem – Lessons from Kenya and Nigeria’s Internet Exchange Point Growth" Report.

On 24 July, the Internet Society (ISOC) and AFRINIC signed an MoU to cement their collaboration on the Africa Internet Measurement Project. The partnership agreement seeks to promote Internet access and connectivity in Africa. ISOC and AFRINIC have been working closely in the last few years to increase Internet access and connectivity on the African continent. The two institutions have now concluded a joint agreement to promote research and capacity building around Internet Measurement, Routing Security, Internet Engineering Task Force-Africa (IETF-Africa), and Internet exchange points. Read more on this collaboration here.

 

Regional Cooperation

As the Regional Internet Registry for Africa, AFRINIC is keen on partnering with key stakeholders in the Northern, Eastern, Southern, Central, Western Africa and Indian Ocean regions, by sharing valuable recommendations on Africa's sustainable development through Internet technology usage.

We highlight here our engagement activities with several organisations within our service region.

1) Cooperation in North Africa

AFRINIC was given an observer member status in the Arab Internet and Telecom Union - Arab Regional ISPs and DSPs Association (ARISPA), as both organisations look forward to joining forces to promote Internet development in the Arabic speaking countries in our service region predominantly in North Africa.

AFRINIC also took part in the GSR-20 Regional Regulatory Roundtable Discussion on Competition Policy and Analysis in a Digital Apps environment for the Arab and Africa Regions, on 20 August 2020.

2) Cooperation in the East African region

In Kigali, Rwanda, Mr Kayihura met with Dr Ally Yahaya Simba, Executive Secretary of the East African Communications Organisation (EACO). The two discussed opportunities for cooperation between AFRINIC and EACO on matters of Internet development and IPv6 deployment in the Eastern Region.

AFRINIC’s Chief Executive Officer, Mr Eddy Kayihura also participated in the Ethiopian Internet Development Conference 2020 (EIDC) in Addis Ababa from 3-5 March 2020. Mr Kayihura highlighted AFRINIC's leading role in education and capacity building as well as IP infrastructure development and reinforcement throughout the African region in his keynote speech.

 

3) Collaboration in West Africa

The West Africa Internet Governance Forum (WAIGF) aimed to promote Internet Governance issues in West Africa through a multi-stakeholder process. As part of their efforts, they organised the West Africa School on Internet Governance (WASIG), where AFRINIC presented on “The Internet Address System”.

AFRINIC also participated in the Benin School of Internet Governance 2020 from 7-9 September 2020, and made a presentation on the topic “From the School of Internet Governance, All Online”.

The Nigeria Youth IGF was held on 23 September 2020 and saw Mr Abiade Dosomnu from AFRINIC present on the topic “Cyber Security & Cyber Crime - Enabling a secure and sustainable internet for all”.

On 10 October, Mr Eddy Kayihura gave a welcome address during the Ivory Coast - Citizen Dialogue on the Future of the Internet. In parallel, AFRINIC's Mr Brice Abba conducted a session in Benin under the theme “Citizen Dialogue on the Future of the Internet”.

AFRINIC, in collaboration with Facebook and ISOC Cote D’Ivoire, organised a webinar on 28 May 2020 to address the issue of fake news and Facebook's approach to tackling fake news through its fact-checking programme. The speakers included Mrs Balkissa Idé Siddo, Public Policy Manager, Facebook, and Mr Brice Abba, Community Development Manager, AFRINIC.

 

4) Collaboration in Southern Africa

On 31 January, AFRINIC and INX-ZA, an autonomous division of the Internet Service Providers’ Association (ISPA) of South Africa, signed an MoU. The purpose of this MoU is to allow for more opportunities for collaboration and partnering. The MoU also covers regulating the current understanding between the parties pertaining to the services being provided. INX-ZA provides AFRINIC with the right to peer at, and store data on, INX-ZA’s infrastructure.

 

5) Collaboration in the Indian Ocean

AFRINIC's Mr Arthur Cardinal participated in the Mauritius IGF 2020 and Indian Ocean Island States IGF 2020 on the topic "Connecting The Digital Dots in Africa".

 

6) Cooperation in Central Africa

AFRINIC partnered with the Central Africa Peering Forum (CAPF) for a webinar on the impact of Covid-19 on peering. AFRINIC’s Amreesh Phokeer was a panellist in this webinar.

  

The Africa Internet Summit (AIS’20)

The African Network Information Centre (AFRINIC) in collaboration with the Africa Network Operators Group (AfNOG) have proudly concluded their first virtual conference (AIS’20). The event was originally planned to be held in Central Africa in the Democratic Republic of Congo, however, due to the COVID-19 pandemic, the event was held virtually with over 500 attendees. AIS is still very keen on going to Central Africa and DRC as soon as possible. Read more on how the meeting went and the valuable lessons learnt throughout the process of organising AIS'20 Online here.

 

Other Online Events AFRINIC participated in


In the context of the International Girls in ICT Day 2020, AFRINIC in partnership with the World Wide Web Foundation organised a webinar on 23 April 2020 to discuss the empowerment of women in the tech world. The webinar themed "Expand Horizons for African Women: Change attitudes in tech leadership" opened the floor to discussions around the critical role of African women in the ICT sector.

Mr Kayihura made a presentation on the topic, ''The New Normal Digital as a competitive necessity'' during the Africa Tech Leaders Webinar Series, involving Tech and thought leaders across various sectors in Africa. He shared his perspective on the role and benefits of the Internet to African Businesses at different levels stressing the need to carry along those at the bottom of the pyramid to achieve real progress whilst also highlighting the importance of mitigating the risks primarily associated with cyber-attacks.

AFRINIC participated in the Africa Cyber Defense Forum 2020 virtual meeting held on 24 and 25 June 2020. This year’s theme was ‘A More Secure World, More Business Activity, and More Jobs’. This forum engaged top-level government, technology experts, business leaders, and other leaders of society to shape the continental, regional, and industry agendas in the African cyberspace. AFRINIC Chief Executive Officer, Mr Eddy Kayihura, was a panellist on the ‘National Security, Cyberthreats and Governance’ session, while Mr Brice Abba, the Community Development Manager at AFRINIC, moderated the session on ‘Building Cyber Resilience Post COVID-19’. Mr Phokeer made a presentation on “Building a resilient Internet in Africa” at LINX Presents on 15 October 2020.

In addition, AFRINIC signed MoUs with the Nigerian Communications Commission for IPv6 Deployment and Internet Measurement and a Cooperation MoU with the Smart Africa Secretariat. The two organisations will collaborate on the development of a Master Plan to promote Internet governance and broadband deployment on the African continent.

AFRINIC also provided support to regional organisations through their ICT initiatives across Africa and in 2020 AFRINIC sponsored the following events: ZANOG, I-week, Internet Society - Ethiopia Internet Development Conference 2020, the Kondoa Community Network and the South Sudan IGF.

 

Future Collaboration

AFRINIC is currently exploring avenues for growing collaboration with its membership and community. Accordingly, we invite partnering organisations interested in hosting and organising engagement projects and bringing these to their local communities to reach out to us at engagement@afrinic.net.

 

Author: Arthur Cardinal

Head of Stakeholder Engagement

AFRINIC

 

On Tuesday 10 November 2020, we sent a system-generated email for the outstanding balances of our membership.

We noticed that there was an error in the configuration of the system which picked the 2021 invoices, which are not yet due, in addition to the outstanding balances as at 31 October 2020.

Unfortunately, this came to the attention of our team this afternoon after our membership had received the email.

The error has since been fixed.

We would like to offer an apology for the inconvenience.

 

 

 

PeeringDB is a freely available database of networks for interconnection data. The database facilitates the global interconnection of networks at Internet Exchange Points (IXPs), data centres, and other interconnection facilities, and is the first step in making interconnection decisions. The database was set up to facilitate peering between networks and peering coordinators and provides peering and peering related information including all types of interconnection data for networks, clouds, services, and enterprise, as well as interconnection facilities that are developing at the edge of the Internet.

PeeringDB’s services are provided free of charge because all costs are met by sponsors.

PeeringDB wants input from network operators, exchange operators, facility providers, content distributors and anyone who uses our interconnection database.

We are running an anonymous satisfaction survey until 23:59 UTC on 20 November 2020 and would like your feedback to help us make PeeringDB more useful to everyone involved in connecting networks.

We haven’t had the diversity of input we’d like in previous surveys, so we are making an extra effort to reach parts of the community who weren’t aware of our previous surveys. That’s why we are teaming up with AFRINIC to get the message out.

The survey will help us understand what is important to you and how satisfied you are with what we are doing. We will use your responses to focus our product roadmap on the improvements that will make things better for you. If you have specific comments or suggestions we’d love you to leave them along with your ratings.

 

“Input from all PeeringDB users on what is important and what needs improving is essential. Telling us what you value and what you need us to improve will help us make PeeringDB better for you and make peering easier for all.” - Steve McManus, PeeringDB Product Committee Chair

 

This is the first survey we are making available in multiple languages. In this survey, we are using the six UN languages for the questions. That said, we’re happy with people providing free text comments in whichever language they are happiest expressing themselves.

We’ll share the results and the new product roadmap early in 2021.

If you have a specific idea to improve PeeringDB you can share it on our low traffic mailing lists or create an issue directly on GitHub. If you find a data quality issue, please let us know at support@peeringdb.com.

 


 

About the Author

 

Leo Vegoda is developing PeeringDB’s product roadmap. He was previously responsible for organizational planning and improvement in ICANN’s Office of the COO, and Internet Number Resources in the IANA department, as well as running Registration Services at the RIPE NCC.