From patchwork Fri Aug 6 15:06:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4616 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Gh82t2QHQz3xGs for ; Fri, 6 Aug 2021 15:07:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Gh82s5xmkz14b; Fri, 6 Aug 2021 15:07:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Gh82s47FTz2xPJ; Fri, 6 Aug 2021 15:07:01 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Gh82q4x5Mz2xNW for ; Fri, 6 Aug 2021 15:06:59 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Gh82p33Zxz14b for ; Fri, 6 Aug 2021 15:06:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1628262418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9BBw9DTweEb+lgJ0YjXhfQShLvJ9JvTprvz+GUu93Aw=; b=iD9wAlSR+3PzU/dYrlpQDMZI+/ttuEX22cZnrE7K7XKILNDaYJ7YJMk5aWsLFzywi2DOhU xjlGlee+GHJYe/m9HSpkkZf4oxt8IaI1uMAWiL9mECS2xP29p/doDG75/dNmjTaOVYy5D8 +9hTQ+AQR4HYihkIf1WtvoxDC+/ywgO/4eG1NfJ7xoyFu8NZN/2GAyKUVSrYCFyEwmwU6b EvIDXE1f4Ap6XmTflyL/mbUACOjTxuAJ9YT7QWIFB7gG7GcillLmMu0r62kqkk7kNBX6Ne tN0Vil4bOZoadxl62sXUyWK4hbwpqZ7hK3EnmkzOopfPi1rMxzG1/11uLx8ybw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1628262418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9BBw9DTweEb+lgJ0YjXhfQShLvJ9JvTprvz+GUu93Aw=; b=dTkKCmv4f+fiKMm66+luzSpTWihxFyPsh0pKdHkTkX/Z5NyIibgHrvhBJJhHaPFidVsZn5 GUBriqaBwWibMhAw== To: "IPFire: Location" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/2] overrides: regular batch of various overrides Message-ID: <4349f4fb-29b6-8fc4-0e96-7d94c5feb0d0@ipfire.org> Date: Fri, 6 Aug 2021 17:06:56 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" This includes sane AS names for some Autonomous Systems whose operators did not set helpful ones in the corresponding RIR DB. Signed-off-by: Peter Müller --- overrides/override-a2.txt | 9 +++-- overrides/override-a3.txt | 6 ++++ overrides/override-other.txt | 66 +++++++++++++++++++++++++++++++++--- 3 files changed, 73 insertions(+), 8 deletions(-) diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 4aac6ea..502948f 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -420,18 +420,21 @@ is-satellite-provider: yes aut-num: AS198381 descr: YahClick / Star Satellite Communications Company - PJSC -remarks: Satellite Internet provider +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in ES is-satellite-provider: yes +country: ES aut-num: AS198394 descr: YahClick / Star Satellite Communications Company - PJSC -remarks: Satellite Internet provider +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in GR is-satellite-provider: yes +country: GR aut-num: AS198504 descr: YahClick / Star Satellite Communications Company - PJSC -remarks: Satellite Internet provider +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in LU is-satellite-provider: yes +country: LU aut-num: AS201554 descr: SES Germany GmbH diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 3c38b69..d810d93 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -177,6 +177,12 @@ descr: Hybula B.V. remarks: Generic anycast network is-anycast: yes +aut-num: AS57724 +descr: DDOS-GUARD LTD +remarks: shady CDN, customers massively tampers with RIR data, we cannot trust this network +is-anycast: yes +country: RU + aut-num: AS57926 descr: SafeDNS, Inc. remarks: Public anycast DNS resolver network [high confidence, but not proofed] diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 454d1d5..045b515 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -13,6 +13,18 @@ # Please keep this file sorted. # +aut-num: AS1739 +as-name: Tampere University of Technology +remarks: has no sane AS name set in RIPE DB + +aut-num: AS1768 +as-name: NCNIC +remarks: has no sane AS name set in APNIC DB + +aut-num: AS1769 +as-name: NCNIC +remarks: has no sane AS name set in APNIC DB + aut-num: AS1820 descr: WNET TELECOM USA Corp. remarks: traces back to various locations in UA, seems to tamper with RIR data @@ -28,6 +40,22 @@ descr: Dimension Data remarks: ISP (?) located in ZA, but some RIR data for announced prefixes contain garbage country: ZA +aut-num: AS4134 +as-name: Chinanet Backbone +remarks: has no sane AS name set in APNIC DB + +aut-num: AS4754 +as-name: Software Technology Park of India +remarks: has no sane AS name set in APNIC DB + +aut-num: AS4800 +as-name: Indonesia Network Information Center +remarks: has no sane AS name set in APNIC DB + +aut-num: AS4814 +as-name: China169 Beijing Broadband Network +remarks: has no sane AS name set in APNIC DB + aut-num: AS4842 descr: Tianhai InfoTech remarks: IP hijacker located somewhere in AP, massively tampers with RIR data @@ -38,6 +66,10 @@ descr: XNNET LLC remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data country: AP +aut-num: AS6412 +as-name: Zajil International Telecom Company +remarks: has no sane AS name set in RIPE DB + aut-num: AS7203 descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -68,6 +100,10 @@ descr: ASLINE LIMITED remarks: IP hijacker, traces back to AP region country: AP +aut-num: AS18185 +as-name: Northern Taiwan Community University +remarks: has no sane AS name set in APNIC DB + aut-num: AS18254 descr: KLAYER LLC remarks: part of the "Asline" IP hijacking gang, traces back to AP region @@ -128,6 +164,11 @@ descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage (BZ) country: US +aut-num: AS30823 +descr: combahton GmbH +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS34224 descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage @@ -168,6 +209,11 @@ descr: Silverstar Invest Limited remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS37155 +descr: NetOne Telecomunicacoes (defunct) +remarks: spamming bogon located in or near Luanda, AO - formerly allocated to NetOne Telecomunicacoes +country: AO + aut-num: AS38197 descr: Sun Network (Hong Kong) Limited remarks: ISP located in HK (duh!), but some RIR data for announced prefixes contain garbage @@ -268,6 +314,11 @@ descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS44592 +descr: Skylink Data Center BV +remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS44992 descr: KeonWoo PARK remarks: claims US for its prefixes announced, but traces back to KR @@ -318,6 +369,11 @@ descr: Selectel remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS49612 +descr: DDoS Guard Ltd. / Cognitive Cloud LLP +remarks: another shady customer or branch of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU +country: EU + aut-num: AS49921 descr: F.I.H. FORMULA INVESTMENT HOUSE CLEARING LIMITED remarks: claims GR for announced prefixes, but traceroutes dead-end somewhere else in EU @@ -388,11 +444,6 @@ descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL -aut-num: AS57724 -descr: DDOS-GUARD LTD -remarks: shady ISP, customers massively tamper with RIR data, we cannot trust this network -country: RU - aut-num: AS57756 descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -643,6 +694,11 @@ descr: Wujidun Network Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP +aut-num: AS140941 +descr: Full Time Hosting +remarks: ISP located in DE, tampers with RIR data +country: DE + aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich remarks: ISP located in UA, but RIR data for announced prefixes all say EU