[2/2] overrides/override-{a{1,3},other}: add overrides for obviously bogus countries

Message ID c6debc09-8e69-d782-095a-4e787a6d3d7a@ipfire.org
State Accepted
Commit f2b077ddd0f7698064345acbf481aa212e49867a
Headers show
Series
  • [1/2] overrides/overrides-{a{1,3},other}: weekly batch of override updates
Related show

Commit Message

Peter Müller Oct. 30, 2020, 11:55 a.m. UTC
Some people seem to think it is clever to locate their networks on
unpopulated islands somewhere in the Atlantic Ocean (I think about
rejecting or flagging those networks entirely), while others have
registered letterboxes companies on St. Kitts and Nevis, the Seychelles,
or elsewhere.

While I personally consider this to be a good idea if you are in need of
additional privacy, it would be nice if they could at least put in a
country that makes sense - let it be EU or AP if they do not want to be
tracked down further, I don't care. But BV is definitely not helping. :-/

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    | 22 ++++++++++++++++++++++
 overrides/override-a3.txt    |  5 +++++
 overrides/override-other.txt | 15 +++++++++++++++
 3 files changed, 42 insertions(+)

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 5fb75cc..e81d6c2 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -87,6 +87,12 @@  remarks:			VPN provider (claims PA or BZ for some prefixes, but they are all hos
 is-anonymous-proxy:	yes
 country:			CH
 
+aut-num:			AS54990
+descr:				1337 Services LLC
+remarks:			Tor relay and VPN provider, traces back to SE [high confidence, but not proofed]
+is-anonymous-proxy:	yes
+country:			SE
+
 aut-num:			AS53559
 descr:				KST Networks / ANONYMIZER
 remarks:			VPN provider [high confidence, but not proofed]
@@ -810,6 +816,12 @@  descr:				IPNET-VPNS
 remarks:			VPN provider [high confidence, but not proofed]
 is-anonymous-proxy:	yes
 
+net:				169.239.152.0/22
+descr:				AfriVPN Ltd
+remarks:			VPN provider, traces back to ZA
+is-anonymous-proxy:	yes
+country:			ZA
+
 net:				171.25.193.0/24
 descr:				DFRI
 remarks:			Tor relay provider
@@ -1444,3 +1456,13 @@  net:				2a0b:f4c0::/29
 descr:				Zwiebelfreunde e.V. / F3 Netze e.V.
 remarks:			Tor relay provider
 is-anonymous-proxy:	yes
+
+net:				2a0c:3b80::/29
+descr:				4b42 UG / Securebit Network / Tunnelbroker Network Sandefjord
+remarks:			large IP chunk mostly used by VPN providers
+is-anonymous-proxy:	yes
+
+net:				2c0f:f930::/32
+descr:				Cyberdyne S.A.
+remarks:			Tor relay provider
+is-anonymous-proxy:	yes
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index d98544f..924c859 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -630,6 +630,11 @@  descr:		Kantonsschule Zug
 remarks:	Generic anycast network
 is-anycast:	yes
 
+net:		129.232.248.0/24
+descr:		xneeloner DNS Anycast
+remarks:	Generic anycast network
+is-anycast:	yes
+
 net:		130.185.120.0/24
 descr:		Softqloud GmbH
 remarks:	Generic anycast network
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 93e1780..d4c3f5b 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -38,6 +38,11 @@  descr:		Fiber Grid Inc.
 remarks:	tampers with RIR data, traces back to SE
 country:	SE
 
+aut-num:	AS39287
+descr:		ab stract / Peter Kolmisoppi
+remarks:	tampers with RIR data, traces back to SE
+country:	SE
+
 aut-num:	AS40034
 descr:		Confluence Networks Inc.
 remarks:	fake offshore location (VG), traces back to Austin, TX, US
@@ -118,6 +123,11 @@  descr:		IP Volume Inc.
 remarks:	bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
 country:	NL
 
+aut-num:	AS202492
+descr:		SILVERHILL GROUP HOLDING LTD / SAKIS POLUNIGIS
+remarks:	fake offshore location (SC), traces back to NL
+country:	NL
+
 aut-num:	AS204655
 descr:		Novogara Ltd.
 remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
@@ -213,6 +223,11 @@  descr:		Amarutu Technology Ltd. / KoDDoS / ESecurity
 remarks:	fake offshore location (BZ), traces back to US
 country:   	US
 
+net:		185.193.124.0/22
+descr:		ab stract / Njalla
+remarks:	bogus RIR data pointing to the unpopulated Bouvet Island (BV), suballocations trace back to SE
+country:   	SE
+
 net:		185.244.29.0/24
 descr:		NINAZU VPN Service / Gerber EDV / David Craig
 remarks:	bulletproof ISP, fake location (SC), traces back to GB