override-{a[1-3],other}: regular batch of various overrides

Message ID 694bffc0-218c-2d54-8116-12d9cbdde239@ipfire.org
State Accepted
Commit 5ecf5e585e0535ded623845ef3911b33ac0029a9
Headers show
Series
  • override-{a[1-3],other}: regular batch of various overrides
Related show

Commit Message

Peter Müller Nov. 16, 2020, 3:58 p.m. UTC
Since the "Asline" IP hijacking gang tampers with RIR data, probably to
evade location based firewall rules, their Autonomous Systems were
pinned to the AP region (the given Hong Kong contact address seems to be
bogus for at least one /16 stolen AFRINIC chunk) for safety reasons.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    | 25 +++++++++++++++----------
 overrides/override-a2.txt    | 12 ++++++++++++
 overrides/override-a3.txt    |  5 +++++
 overrides/override-other.txt | 35 +++++++++++++++++++++++++++++++++++
 4 files changed, 67 insertions(+), 10 deletions(-)

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index e81d6c2..7aca339 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -596,16 +596,6 @@  descr:				ThinkTech Technology Industrial CO. Limited
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
-net:				94.199.160.0/23
-descr:				MIK Telecom VPN pool
-remarks:			VPN provider
-is-anonymous-proxy:	yes
-
-net:				95.129.56.0/21
-descr:				Azimut-R VPN Service
-remarks:			VPN provider
-is-anonymous-proxy:	yes
-
 net:				91.193.75.0/24
 descr:				KGB Hosting d.o.o. / David Craig
 remarks:			(Rogue) VPN provider
@@ -616,6 +606,21 @@  descr:				Privax LTD
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				92.118.39.0/24
+descr:				CloudMine NET
+remarks:			VPN provider [high confidence, but not proofed]
+is-anonymous-proxy:	yes
+
+net:				94.199.160.0/23
+descr:				MIK Telecom VPN pool
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
+net:				95.129.56.0/21
+descr:				Azimut-R VPN Service
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				95.154.64.0/18
 descr:				Octopusnet VPN
 remarks:			VPN provider
diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
index 8f03159..a55c940 100644
--- a/overrides/override-a2.txt
+++ b/overrides/override-a2.txt
@@ -152,6 +152,12 @@  descr:					Arab Satellite Communications Organization
 remarks:				Satellite Internet provider
 is-satellite-provider:	yes
 
+aut-num:				AS42962
+descr:					CoreLink Communications
+remarks:				Chinese satellite Internet provider [high confidence, but not proofed]
+is-satellite-provider:	yes
+country:				AP
+
 aut-num:				AS43905
 descr:					Telenor Satellite AS
 remarks:				Satellite Internet provider
@@ -1616,3 +1622,9 @@  net:					2a04:2880::/30
 descr:					Satellite Solutions Worldwide Ltd
 remarks:				Satellite Internet provider
 is-satellite-provider:	yes
+
+net:					2a0a:2840::/29
+descr:					CoreLink Communications
+remarks:				Chinese satellite Internet provider [high confidence, but not proofed]
+is-satellite-provider:	yes
+country:				AP
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index 924c859..07b2621 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -1527,6 +1527,11 @@  descr:		marbis GmbH
 remarks:	Generic anycast network [high confidence, but not proofed]
 is-anycast:	yes
 
+net:		2a05:7f00::/29
+descr:		nic.at GmbH and friends
+remarks:	TLD operator's anycast network
+is-anycast:	yes
+
 net:		2a06:e881:4001::/48
 descr:		Thomas Harwood
 remarks:	Public anycast DNS resolver
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index d4c3f5b..98ea79b 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -18,6 +18,16 @@  descr:		Iron Mountain Data Center
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
 country:	US
 
+aut-num:	AS18013
+descr:		ASLINE LIMITED
+remarks:	IP hijacker, traces back to AP region
+country:	AP
+
+aut-num:	AS18254
+descr:		KLAYER LLC
+remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
+country:	AP
+
 aut-num:	AS24700
 descr:		Yes Networks Unlimited Ltd
 remarks:	traces to UA, but some RIR entries seem to contain garbage (VG)
@@ -33,6 +43,11 @@  descr:		IP Interactive UG (haftungsbeschraenkt)
 remarks:	ISP located in BG, but RIR data for announced prefixes contain garbage
 country:	BG
 
+aut-num:	AS35478
+descr:		Buena Telecom SRL
+remarks:	ISP located in RO, but RIR data for announced prefixes contain garbage
+country:	RO
+
 aut-num:	AS37518
 descr:		Fiber Grid Inc.
 remarks:	tampers with RIR data, traces back to SE
@@ -73,6 +88,11 @@  descr:		PPTECHNOLOGY LIMITED
 remarks:	bulletproof ISP (related to AS204655) located in NL
 country:	NL
 
+aut-num:	AS49466
+descr:		KLAYER LLC
+remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
+country:	AP
+
 aut-num:	AS49505
 descr:		Selectel
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -108,6 +128,11 @@  descr:		DXTL Tseung Kwan O Service
 remarks:	tampers with RIR data, traces back to AP region
 country:	AP
 
+aut-num:	AS137951
+descr:		Clayer Limited
+remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country:	AP
+
 aut-num:	AS201133
 descr:		Verdina Ltd.
 remarks:	ISP located in BG, but RIR data for announced prefixes contain garbage
@@ -138,6 +163,11 @@  descr:		Altrosky Technology Ltd.
 remarks:	fake offshore location (SC), traces back to CZ and NL
 country:	EU
 
+aut-num:	AS208046
+descr:		Maximilian Kutzner trading as HostSlick
+remarks:	traces back to NL, but some RIR data for announced prefixes contain garbage
+country:	NL
+
 aut-num:	AS209132
 descr:		Alviva Holding Limited
 remarks:	ISP located in BG, but RIR data for announced prefixes contain garbage
@@ -158,6 +188,11 @@  descr:		IP Connect Inc.
 remarks:	fake offshore location (SC), traces back to NL
 country:	NL
 
+aut-num:	AS398478
+descr:		PEG TECH INC
+remarks:	ISP located in HK, tampers with RIR data
+country:	HK
+
 net:		5.252.32.0/22
 descr:		StormWall s.r.o.
 remarks:	claims to be located in DE, but traces back to somewhere else in central Europe