add overrides for dirty ISP conglomerate "Inter Connects Inc. & friends"

Message ID 20210320201712.10402-1-peter.mueller@ipfire.org
State Accepted
Commit cfc37b0411cbca2233dcd5f0187dcef530d2901d
Series add overrides for dirty ISP conglomerate "Inter Connects Inc. & friends"

Commit Message

Peter Müller March 20, 2021, 8:17 p.m. UTC
AS owned by a couple of letterbox companies in London (most notably
Inter Connects Inc. and Packet Exchange Ltd.) were found to tamper
massively with RIR data of prefixes they own or announce. Aside from
that, these AS are currently hijacking AfriNIC chunks widely believed as
being stolen - plus hosting some cybercrime stuff for good measure.

Except for AS63119, all of these networks show strong links to Sweden,
while some traceroutes dead-end at other places in Europe. As a
consequence, we cannot trust the country information published by this
actor, generously overriding them to limit damage to IPFire location
database users.

The author strongly recommends against accepting any traffic from or to
these networks (some of them have ASN-DROP listings at Spamhaus indeed),
but this aspect is out of scope for the IPFire location database. Just
mentioning it here for the sake of completeness. :-)

In addition, this patch features some IPv4 networks apparently operated
by VPN providers in US - being shady as well, just saying.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    | 20 ++++++++++++++++++++
 overrides/override-other.txt | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
  

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 1ccfa0a..76a5a52 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -297,6 +297,11 @@  descr:				CloudVPN Inc.
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				23.230.23.0/24
+descr:				Colorberry VPN Services
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				23.239.176.0/22
 descr:				CloudVPN Inc.
 remarks:			VPN provider
@@ -798,6 +803,11 @@  descr:				PureVPN
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				107.186.38.0/24
+descr:				Colorberry VPN services
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				109.70.100.0/24
 descr:				Foundation for Applied Privacy
 remarks:			Tor relay provider
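
Review bot: the descr on the added 107.186.38.0/24 entry reads "Colorberry VPN services", while the 23.230.23.0/24 entry added earlier in this file uses "Colorberry VPN Services". Please use one spelling for both, so that a search on the descr finds every network attributed to this provider.
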
@@ -853,6 +863,11 @@  descr:				GZ Systems Limited / PureVPN
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				142.252.111.0/24
+descr:				Hurricane VPN
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				145.249.104.0/22
 descr:				Liberty Services / IP Volume Inc.
 remarks:			VPN provider [high confidence, but not proofed]
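
Review bot: the remarks on the added 142.252.111.0/24 entry state "VPN provider" as fact, but the commit message only says these networks are "apparently operated by VPN providers". The neighbouring 145.249.104.0/22 entry carries a confidence qualifier in its remarks; if the attribution here (and for the other three /24 nets added in this file) is inferred rather than confirmed, add the same kind of qualifier, since is-anonymous-proxy: yes changes how consumers of the database treat the whole prefix.
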
@@ -1344,6 +1359,11 @@  descr:				VPN Consumer Network Services
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				205.164.4.0/24
+descr:				OpenVPN Technologies, Inc.
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				205.185.193.0/24
 descr:				SecuredConnectivity
 remarks:			VPN provider
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index bec4d80..b428d9f 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -103,6 +103,11 @@  descr:		Treidinvest LLC
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS41564
+descr:		Packet Exchange Limited
+remarks:	shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
+country:	EU
+
 aut-num:	AS42397
 descr:		Bunea TELECOM SRL
 remarks:	ISP located in RO, but some RIR data for announced prefixes contain garbage
@@ -133,6 +138,11 @@  descr:		PPTECHNOLOGY LIMITED
 remarks:	bulletproof ISP (related to AS204655) located in NL
 country:	NL
 
+aut-num:	AS41564
+descr:		Global Colocation Limited
+remarks:	part of a dirty ISP conglomerate most likely operating out of SE
+country:	SE
+
 aut-num:	AS49466
 descr:		KLAYER LLC
 remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
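
Review bot: the aut-num on the added "Global Colocation Limited" entry is AS41564, which is the same AS number this patch already assigns to "Packet Exchange Limited" in the previous hunk, with a different descr and a different country (SE here, EU there). One AS cannot carry both overrides, and which one wins is left to the importer. The entry also sits directly before AS49466, in a file where the other visible additions are placed in ascending AS order, so this looks like a copy-and-paste slip; please confirm the intended AS number for Global Colocation Limited and correct the aut-num line.
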
@@ -168,6 +178,11 @@  descr:		FiberXpress BV
 remarks:	bulletproof ISP (related to AS202425) located in NL
 country:	NL
 
+aut-num:	AS57858
+descr:		Inter Connects Inc.
+remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country:	SE
+
 aut-num:	AS58073
 descr:		YISP BV
 remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
@@ -183,6 +198,11 @@  descr:		Batterflyai Media Ltd.
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS60485
+descr:		Inter Connects Inc. / Jing Yun
+remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
+country:	SE
+
 aut-num:	AS62355
 descr:		Network Dedicated SAS
 remarks:	bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL
@@ -193,6 +213,11 @@  descr:		VpsQuan L.L.C.
 remarks:	claims to be located in US, but traces to HK
 country:	HK
 
+aut-num:	AS63119
+descr:		Inter Connects Inc.
+remarks:	part of a dirty ISP conglomerate, traces back to US this time
+country:	US
+
 aut-num:	AS64437
 descr:		NForce Entertainment BV
 remarks:	currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
@@ -268,6 +293,11 @@  descr:		Kevin Holly trading as Silent Ghost e.U.
 remarks:	AS run by someone who thinks allocating IP networks to AQ is funny (it is not, kid) :-/
 country:	NL
 
+aut-num:	AS204353
+descr:		Global Offshore Limited
+remarks:	part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
+country:	EU
+
 aut-num:	AS204655
 descr:		Novogara Ltd.
 remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
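
Review bot: the country on the added AS204353 entry is EU, while its remarks only mention "links to SE" and the related AS57858 and AS60485 entries in this patch are set to SE. The AS41564 entry at least explains its EU value with "and likely elsewhere in EU"; please add the equivalent reasoning to the remarks here, or use SE if the evidence is the same as for the other entries, so the choice of a region code over a country code is documented.
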
@@ -343,6 +373,11 @@  descr:		PEG TECH INC
 remarks:	ISP located in HK, tampers with RIR data
 country:	HK
 
+aut-num:	AS398826
+descr:		OLink Cloud LLC
+remarks:	shady ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 net:        5.1.68.0/24
 descr:      GaiacomLC
 remarks:    routed to DE, inaccurate RIR data
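
Review bot: the added AS398826 "OLink Cloud LLC" entry is not covered by the commit message, which describes the Inter Connects conglomerate and some IPv4 networks of VPN providers, and its remarks do not tie it to either. Please add a sentence to the commit message saying why this AS is included, or move it to a separate patch, so the reason for the override can be traced later.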