overrides-{a{1,3},other}: regular batch of various overrides

Message ID 377bff96-f1e1-74ac-60c9-fb16e6e13a3f@ipfire.org
State Accepted
Commit b06d6d88de83891c8bb01345b03c12172b5a74fb
Series overrides-{a{1,3},other}: regular batch of various overrides

Commit Message

Peter Müller June 3, 2021, 2:02 p.m. UTC
Including location pinning for various LeaseWeb AS, as their customers
seem to tamper with RIR data a lot. Fortunately for us, they use one AS
per PoP, so we can trace back locations quite easily. :-)

AS209242 is especially - um - interesting. Given Cloudflare's nature, it
is impossible to tell where these shady prefixes announced by it are
located. Most of them point to letterbox companies, hosting questionable
services at best.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    |  32 +++++++++-
 overrides/override-a3.txt    |  30 ++++++++++
 overrides/override-other.txt | 112 ++++++++++++++++++++++++++++++++++-
 3 files changed, 172 insertions(+), 2 deletions(-)
  

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 3a65232..b884c5d 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -44,6 +44,11 @@  descr:				VPN de Mexico, S.A. de C.V.
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+aut-num:			AS32781
+descr:				Defender cloud international LLC
+remarks:			VPN provider [high confidence, but not proofed]
+is-anonymous-proxy:	yes
+
 aut-num:			AS34962
 descr:				Epik Network
 remarks:			Shady ISP and registrar, many prefixes announced refer to "anonymize" infrastructure
@@ -236,6 +241,11 @@  descr:				Business VPN LLC
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+aut-num:			AS398271
+descr:				HardenedVPN[.]com LLC
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				2.57.171.0/24
 descr:				VPN Consumer Network
 remarks:			VPN provider
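Review bot: the descr added for AS398271 reads "HardenedVPN[.]com LLC" with a defanged dot, which will not match a plain-text search for the organisation name. If descr is meant to mirror the registered name, use it literally; if the brackets are deliberate, say so in remarks.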
@@ -476,6 +486,11 @@  descr:				Shtrauh Andrey
 remarks:			VPN provider [high confidence, but not proofed]
 is-anonymous-proxy:	yes
 
+net:				45.147.56.0/23
+descr:				OLMERA GROUP LTD
+remarks:			VPN provider [high confidence, but not proofed]
+is-anonymous-proxy:	yes
+
 net:				45.151.115.0/24
 descr:				ikoProxies [high confidence, but not proofed]
 remarks:			VPN provider located in NL
@@ -489,7 +504,7 @@  is-anonymous-proxy:	yes
 
 net:				45.192.0.0/12
 descr:				Cloud Innovation Ltd.
-remarks:			hijacked AFRINIC IP chunk owned by an offshore company, routed to several dirty networks worldwide, cannot tell what is going on here
+remarks:			hijacked (?) AFRINIC IP chunk owned by an offshore company, routed to several dirty networks worldwide, cannot tell what is going on here
 is-anonymous-proxy:	yes
 
 net:				45.220.72.0/22
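Review bot: the remarks for 45.192.0.0/12 now say "hijacked (?)" and still end with "cannot tell what is going on here", yet the unchanged "is-anonymous-proxy: yes" continues to apply to the whole /12. With the classification admitted to be uncertain, the remarks should state what observation justifies the anonymous-proxy flag for a block this large, or the entry should be narrowed to the sub-prefixes where that is known.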
@@ -1131,6 +1146,11 @@  remarks:			(Rogue) VPN provider
 is-anonymous-proxy:	yes
 country:			EU
 
+net:				185.164.59.0/24
+descr:				Buyproxies / Yuli Azarch
+remarks:			VPN provider [high confidence, but not proofed]
+is-anonymous-proxy:	yes
+
 net:				185.165.153.0/24
 descr:				Privacy Matters VPN service / nVPN / David Craig
 remarks:			(Rogue) VPN provider
@@ -1384,6 +1404,11 @@  descr:				VPNClientPublics
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				198.44.224.0/19
+descr:				Defender cloud international LLC
+remarks:			VPN provider [high confidence, but not proofed]
+is-anonymous-proxy:	yes
+
 net:				199.249.223.0/24
 descr:				Quintex Alliance Consulting
 remarks:			Tor relay provider
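Review bot: the new net 198.44.224.0/19 carries the same descr and remarks as the AS32781 entry added at the top of this file ("Defender cloud international LLC"), and nothing says how the two relate. If the /19 is originated by AS32781, the net entry duplicates the AS-level flag and can be dropped; if it is announced from a different AS, name that AS in remarks so the entry can be re-checked later.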
@@ -1454,6 +1479,11 @@  descr:				SecuredConnectivity
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				206.123.128.0/19
+descr:				Secure Internet LLC
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+
 net:				209.107.176.0/20
 descr:				Google VPN
 remarks:			VPN provider
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index ec246c1..daacc95 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -30,11 +30,21 @@  descr:		Akamai Technologies, Inc.
 remarks:	Worldwide CDN, does not make sense to assign their networks to a specific country
 is-anycast:	yes
 
+aut-num:	AS20577
+descr:		TRADEWEB EUROPE LIMITED
+remarks:	Generic anycast network [high confidence, but not proofed]
+is-anycast:	yes
+
 aut-num:	AS20940
 descr:		Akamai International BV
 remarks:	Worldwide CDN, does not make sense to assign their networks to a specific country 
 is-anycast:	yes
 
+aut-num:	AS28064
+descr:		Smart Data Center S.A.
+remarks:	Generic anycast network [high confidence, but not proofed]
+is-anycast:	yes
+
 aut-num:	AS31529
 descr:		DENIC eG
 remarks:	TLD operator's anycast network
@@ -45,6 +55,11 @@  descr:		Citigroup
 remarks:	Public anycast DNS resolver network [high confidence, but not proofed]
 is-anycast:	yes
 
+aut-num:	AS34738
+descr:		WEBHOST LIMITED
+remarks:	Generic anycast network [high confidence, but not proofed]
+is-anycast:	yes
+
 aut-num:	AS34868
 descr:		wasted.io Ltd.
 remarks:	Generic anycast network
@@ -80,6 +95,11 @@  descr:		coreIT.pl
 remarks:	Generic anycast network
 is-anycast:	yes
 
+aut-num:	AS60626
+descr:		Leaseweb CDN B.V.
+remarks:	Generic anycast network
+is-anycast:	yes
+
 aut-num:	AS60890
 descr:		CentralNic Ltd
 remarks:	Generic anycast network
@@ -95,6 +115,11 @@  descr:		OpenTLD BV
 remarks:	TLD operator's anycast network
 is-anycast:	yes
 
+aut-num:	AS61072
+descr:		EZNet LIMITED
+remarks:	Generic anycast network
+is-anycast:	yes
+
 aut-num:	AS62766
 descr:		SJB Communications
 remarks:	Generic anycast network
@@ -160,6 +185,11 @@  descr:		ipcom GmbH
 remarks:	Generic anycast network
 is-anycast:	yes
 
+aut-num:	AS209242
+descr:		Cloudflare London, LLC / Cloudflare Spectrum
+remarks:	CFs' "bring your own IP networks and we will announce it" AS, lots of shady announcements originated from there, clients are located worldwide as single peer is CF's main AS
+is-anycast:	yes
+
 aut-num:	AS209813
 descr:		Fast Content Delivery Ltd.
 remarks:	Generic anycast network
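Review bot: the AS209242 entry sets "is-anycast: yes", but its remarks describe customer prefixes announced on the customers' behalf with "clients are located worldwide", which is "location unknown" rather than the same prefix served from many sites. Please confirm that is-anycast is the intended flag for this case and say so in remarks, since consumers of the flag will treat these prefixes like the CDN and DNS anycast networks around it. Minor: "CFs'" and "CF's" are both used in the same remarks line; pick one.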
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 0b521d1..e387dbd 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -13,6 +13,11 @@ 
 # Please keep this file sorted.
 #
 
+aut-num:	AS1820
+descr:		WNET TELECOM USA Corp.
+remarks:	traces back to various locations in UA, seems to tamper with RIR data
+country:	UA
+
 aut-num:	AS3216
 descr:		PJSC "Vimpelcom"
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -23,6 +28,11 @@  descr:		XNNET LLC
 remarks:	traces back to an unknown oversea location (HK?), seems to tamper with RIR data
 country:	HK
 
+aut-num:	AS7203
+descr:		Leaseweb USA, Inc.
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS8359
 descr:		MTS PJSC
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -58,16 +68,36 @@  descr:		Yes Networks Unlimited Ltd
 remarks:	traces to UA, but some RIR entries seem to contain garbage (VG)
 country:	UA
 
+aut-num:	AS24961
+descr:		myLoc managed IT AG
+remarks:	ISP located in DE, but some RIR data for announced prefixes contain garbage
+country:	DE
+
 aut-num:	AS25098
 descr:		Netcalibre Ltd.
-remarks:	ISP located in GB, but some RIR data for announced prefixes contain garbage/
+remarks:	ISP located in GB, but some RIR data for announced prefixes contain garbage
 country:	GB
 
+aut-num:	AS27411
+descr:		Leaseweb USA, Inc.
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS28098
 descr:		ABGON Comunicaciones
 remarks:	ISP located in CL, but some RIR data for announced prefixes contain garbage (BZ)
 country:	CL
 
+aut-num:	AS28753
+descr:		Leaseweb Deutschland GmbH
+remarks:	ISP located in Frankfurt/Main, DE, but many RIR data for announced prefixes contain garbage
+country:	DE
+
+aut-num:	AS30633
+descr:		Leaseweb USA, Inc.
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage (BZ)
+country:	US
+
 aut-num:	AS35042
 descr:		IP Interactive UG (haftungsbeschraenkt)
 remarks:	ISP located in BG, but RIR data for announced prefixes contain garbage
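Review bot: the new AS30633 entry ends its remarks with "(BZ)", the same suffix as the unchanged AS28098 entry directly above it, while the other Leaseweb USA entry in this hunk (AS27411) has none, so this looks like a copy-and-paste leftover. Please confirm that BZ really shows up in the RIR data for AS30633's prefixes, or drop the suffix. Minor: "many RIR data" in the AS28753 remarks would read better as "RIR data for many announced prefixes".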
@@ -163,6 +193,11 @@  descr:		Global Colocation Limited
 remarks:	part of a dirty ISP conglomerate most likely operating out of SE
 country:	SE
 
+aut-num:	AS48721
+descr:		ADM Service Ltd.
+remarks:	traces back to Vilnius, LT
+country:	LT
+
 aut-num:	AS49466
 descr:		KLAYER LLC
 remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
@@ -233,6 +268,11 @@  descr:		INNETRA PC
 remarks:	another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
 country:	EU
 
+aut-num:	AS59253
+descr:		Leaseweb Asia Pacific pte. ltd.
+remarks:	ISP located in SG, but some RIR data for announced prefixes contain garbage
+country:	SG
+
 aut-num:	AS59580
 descr:		Batterflyai Media Ltd.
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -248,6 +288,11 @@  descr:		Inter Connects Inc. / Jing Yun
 remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
 country:	SE
 
+aut-num:	AS60781
+descr:		LeaseWeb Netherlands B.V.
+remarks:	ISP located in Amsterdam, NL, but many RIR data for announced prefixes contain garbage
+country:	NL
+
 aut-num:	AS61977
 descr:		Vivo Trade L.P.
 remarks:	another shady customer of "DDoS Guard Ltd."
@@ -283,11 +328,31 @@  descr:		NForce Entertainment BV
 remarks:	currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
 country:	NL
 
+aut-num:	AS132369
+descr:		XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
+remarks:	ISP located in HK, tampers with RIR data
+country:	HK
+
+aut-num:	AS133752
+descr:		Leaseweb Asia Pacific pte. ltd.
+remarks:	ISP located in HK, some RIR data for announced prefixes contain garbage
+country:	HK
+
+aut-num:	AS134351
+descr:		Leaseweb Japan K.K.
+remarks:	ISP located in JP, some RIR data for announced prefixes contain garbage
+country:	JP
+
 aut-num:	AS134548
 descr:		DXTL Tseung Kwan O Service
 remarks:	tampers with RIR data, traces back to AP region
 country:	AP
 
+aut-num:	AS136988
+descr:		Leaseweb Australia Pty. Ltd.
+remarks:	ISP located in AU, some RIR data for announced prefixes contain garbage
+country:	AU
+
 aut-num:	AS137443
 descr:		Anchnet Asia Limited
 remarks:	IP hijacker located in HK, tampers with RIR data
@@ -298,11 +363,26 @@  descr:		Clayer Limited
 remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
 country:	AP
 
+aut-num:	AS138571
+descr:		SUPERCLOUDS LIMITED
+remarks:	ISP located in HK, tampers with RIR data
+country:	HK
+
+aut-num:	AS139242
+descr:		Cloudflare Sydney, LLC
+remarks:	... but CF failed to set the country for announced prefixes to AU as well :-/
+country:	AU
+
 aut-num:	AS139330
 descr:		SANREN DATA LIMITED
 remarks:	IP hijacker located somewhere in AP region, tampers with RIR data
 country:	AP
 
+aut-num:	AS139811
+descr:		ANLIAN NETWORK TECHNOLOGY CO., LIMITED
+remarks:	ISP located in HK, tampers with RIR data
+country:	HK
+
 aut-num:	AS140733
 descr:		Wujidun Network Limited
 remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
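Review bot: the remarks for AS139242 start mid-sentence ("... but CF failed to set the country for announced prefixes to AU as well :-/"), so the entry cannot be understood on its own once it is read outside this patch. Suggest a self-contained wording in the style of the neighbouring entries, for example stating that the AS is located in AU and that the RIR country for its announced prefixes is not set to AU.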
@@ -323,6 +403,11 @@  descr:		Datashield, Inc.
 remarks:	fake offshore location (SC), traces back to NL
 country:	NL
 
+aut-num:	AS200740
+descr:		Network Management Ltd.
+remarks:	traceroutes dead-end somewhere in or near RU
+country:	RU
+
 aut-num:	AS200845
 descr:		AVATEL TELECOM
 remarks:	ISP located in ES, but some RIR data for announced prefixes contain garbage
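Review bot: AS200740 is pinned to "country: RU" while its remarks only claim that traceroutes dead-end "somewhere in or near RU"; the same applies to AS207569, added further down with identical descr and remarks. Elsewhere in this file an uncertain dead-end is recorded with a region code instead (the INNETRA PC entry uses "country: EU"). Either state what narrows this to RU, or note in remarks that RU is a best guess.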
@@ -388,6 +473,11 @@  descr:		Hauer Hosting Services Limited
 remarks:	ISP located in ES, but some RIR data for announced prefixes contain garbage
 country:	ES
 
+aut-num:	AS205544
+descr:		LEASEWEB UK LIMITED
+remarks:	ISP located in London, GB, but many RIR data for announced prefixes contain garbage
+country:	GB
+
 aut-num:	AS206397
 descr:		Genius Guard / Genius Security Ltd.
 remarks:	another shady customer of "DDoS Guard Ltd.", probably located in RU
@@ -403,6 +493,11 @@  descr:		Xtudio Networks S.L.U.
 remarks:	ISP located in ES, but some RIR data for announced prefixes contain garbage
 country:	ES
 
+aut-num:	AS207569
+descr:		Network Management Ltd.
+remarks:	traceroutes dead-end somewhere in or near RU
+country:	RU
+
 aut-num:	AS207616
 descr:		Altrosky Technology Ltd.
 remarks:	fake offshore location (SC), traces back to CZ and NL
@@ -458,6 +553,11 @@  descr:		Harry Dowd
 remarks:	ISP located in GB, but RIR data for announced prefixes contain garbage
 country:	GB
 
+aut-num:	AS212962
+descr:		Quality Area Ltd.
+remarks:	traceroutes dead-end somewhere near Crimera, UA
+country:	UA
+
 aut-num:	AS213035
 descr:		Serverion BV
 remarks:	ISP located in NL, but RIR data for most announced prefixes contain garbage
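Review bot: typo in the AS212962 remarks, "Crimera" should be "Crimea". Since the remarks place the dead-end only "somewhere near" that region, it would also help to note that "country: UA" is an approximation.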
@@ -488,6 +588,16 @@  descr:		Datapacket Maroc SARL
 remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
 country:	NL
 
+aut-num:	AS394380
+descr:		Leaseweb USA, Inc.
+remarks:	ISP located in Dallas, TX, US, but some RIR data for announced prefixes contain garbage
+country:	US
+
+aut-num:	AS395954
+descr:		Leaseweb USA, Inc.
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS398478
 descr:		PEG TECH INC
 remarks:	ISP located in HK, tampers with RIR data