From patchwork Fri Oct 30 11:55:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3619 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CN13X4NS0z3whw for ; Fri, 30 Oct 2020 11:55:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CN13X2yD3z1Fg; Fri, 30 Oct 2020 11:55:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CN13X2QSSz2xq4; Fri, 30 Oct 2020 11:55:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CN13W0g2Qz2xlB for ; Fri, 30 Oct 2020 11:55:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CN13T5gr2z1Fg for ; Fri, 30 Oct 2020 11:55:49 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604058950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8ZbQ2byCcM8aMMDUHeqn/6cLwjIgCJS+SiH85h2GLNg=; b=w1MpILOtRt6JQAuqSr1M554W6rztqWL6CWDyOTVvuqCTk42aenRx7DWhP9ZdAz+RNchNta 7U+AULfPTegC01BQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604058950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8ZbQ2byCcM8aMMDUHeqn/6cLwjIgCJS+SiH85h2GLNg=; b=qjDRXPS8Z5yXC4GlhgkkOHV21KeWsk8eYbg8t3E8LOZA7W4kwIlW4DC4L6e/I7GBCGnEui 8JaBzb+xq/087lTGcuW+Au3eg/9LtiQthB0H82HNV+fqPlpjwuGjq4y92BaCrOHPJwqxZr uoJl5Ljbqh8Gt+NIOC/GJDv9Pg/vXUvhn1xZV/g1Wu0CxQ0HkbMPXM94PAU/yItv17RMOM MbnvXaYPUiJ9OrG1+yClhGyap64pdsgMW8L66ZxbjNTAn0E5rCUNDG/raf+ul0tS52wqyV 4Y/qwXIeGByTR8NICIzrFQzsTD7OZf8wL/vd0KIMkN08eCm/U5aqSy2x1NIiPA== Subject: [PATCH 2/2] overrides/override-{a{1,3},other}: add overrides for obviously bogus countries To: location@lists.ipfire.org References: From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 30 Oct 2020 12:55:48 +0100 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Some people seem to think it is clever to locate their networks on unpopulated islands somewhere in the Atlantic Ocean (I think about rejecting or flagging those networks entirely), while others have registered letterboxes companies on St. Kitts and Nevis, the Seychelles, or elsewhere. While I personally consider this to be a good idea if you are in need of additional privacy, it would be nice if they could at least put in a country that makes sense - let it be EU or AP if they do not want to be tracked down further, I don't care. But BV is definitely not helping. :-/ Signed-off-by: Peter Müller --- overrides/override-a1.txt | 22 ++++++++++++++++++++++ overrides/override-a3.txt | 5 +++++ overrides/override-other.txt | 15 +++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 5fb75cc..e81d6c2 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -87,6 +87,12 @@ remarks: VPN provider (claims PA or BZ for some prefixes, but they are all hos is-anonymous-proxy: yes country: CH +aut-num: AS54990 +descr: 1337 Services LLC +remarks: Tor relay and VPN provider, traces back to SE [high confidence, but not proofed] +is-anonymous-proxy: yes +country: SE + aut-num: AS53559 descr: KST Networks / ANONYMIZER remarks: VPN provider [high confidence, but not proofed] @@ -810,6 +816,12 @@ descr: IPNET-VPNS remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes +net: 169.239.152.0/22 +descr: AfriVPN Ltd +remarks: VPN provider, traces back to ZA +is-anonymous-proxy: yes +country: ZA + net: 171.25.193.0/24 descr: DFRI remarks: Tor relay provider @@ -1444,3 +1456,13 @@ net: 2a0b:f4c0::/29 descr: Zwiebelfreunde e.V. / F3 Netze e.V. remarks: Tor relay provider is-anonymous-proxy: yes + +net: 2a0c:3b80::/29 +descr: 4b42 UG / Securebit Network / Tunnelbroker Network Sandefjord +remarks: large IP chunk mostly used by VPN providers +is-anonymous-proxy: yes + +net: 2c0f:f930::/32 +descr: Cyberdyne S.A. +remarks: Tor relay provider +is-anonymous-proxy: yes diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index d98544f..924c859 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -630,6 +630,11 @@ descr: Kantonsschule Zug remarks: Generic anycast network is-anycast: yes +net: 129.232.248.0/24 +descr: xneeloner DNS Anycast +remarks: Generic anycast network +is-anycast: yes + net: 130.185.120.0/24 descr: Softqloud GmbH remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 93e1780..d4c3f5b 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -38,6 +38,11 @@ descr: Fiber Grid Inc. remarks: tampers with RIR data, traces back to SE country: SE +aut-num: AS39287 +descr: ab stract / Peter Kolmisoppi +remarks: tampers with RIR data, traces back to SE +country: SE + aut-num: AS40034 descr: Confluence Networks Inc. remarks: fake offshore location (VG), traces back to Austin, TX, US @@ -118,6 +123,11 @@ descr: IP Volume Inc. remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL country: NL +aut-num: AS202492 +descr: SILVERHILL GROUP HOLDING LTD / SAKIS POLUNIGIS +remarks: fake offshore location (SC), traces back to NL +country: NL + aut-num: AS204655 descr: Novogara Ltd. remarks: bulletproof ISP (strongly linked to AS202425) located in NL @@ -213,6 +223,11 @@ descr: Amarutu Technology Ltd. / KoDDoS / ESecurity remarks: fake offshore location (BZ), traces back to US country: US +net: 185.193.124.0/22 +descr: ab stract / Njalla +remarks: bogus RIR data pointing to the unpopulated Bouvet Island (BV), suballocations trace back to SE +country: SE + net: 185.244.29.0/24 descr: NINAZU VPN Service / Gerber EDV / David Craig remarks: bulletproof ISP, fake location (SC), traces back to GB