From patchwork Fri Dec 3 11:28:59 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 4896
Subject: [PATCH 4/4] overrides-xd: Add ASNs of Dutch bulletproof ISP conglomerate "Ecatel"
To: location@lists.ipfire.org
References: <3541e51b-9697-1058-9997-c72e2e9bdd5b@ipfire.org> <1f24cd07-ba48-640b-6c7f-5d859ab61efc@ipfire.org>
From: Peter Müller
Message-ID: <5fed06f8-2fa1-9ad2-cef8-ea97a3fee1bc@ipfire.org>
Date: Fri, 3 Dec 2021 12:28:59 +0100
In-Reply-To: <1f24cd07-ba48-640b-6c7f-5d859ab61efc@ipfire.org>

See: https://www.nrc.nl/nieuws/2021/04/02/the-cesspool-of-the-internet-is-to-be-found-in-a-village-in-north-holland-a4038369
Signed-off-by: Peter Müller --- overrides/override-other.txt | 50 ------------------------------ overrides/override-xd.txt | 60 ++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 50 deletions(-) diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 6d2aa52..7d76534 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -478,11 +478,6 @@ descr: Spectre Operations BV remarks: ISP located in NL, but some RIR data for suballocations of announced prefixes contain garbage country: NL -aut-num: AS48090 -descr: PPTECHNOLOGY LIMITED -remarks: bulletproof ISP (related to AS204655) located in NL -country: NL - aut-num: AS48158 descr: DigitalOne AG remarks: Services appear to be hosted in RU, RIR data faked/incorrect @@ -593,11 +588,6 @@ descr: vServer.site LTD remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage country: DE -aut-num: AS56611 -descr: REBA Communications BV -remarks: bulletproof ISP (related to AS202425) located in NL -country: NL - aut-num: AS56851 descr: PE Skurykhin Mukola Volodumurovuch remarks: tampers with RIR data, traces back to UA @@ -608,11 +598,6 @@ descr: Hostkey B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL -aut-num: AS57717 -descr: FiberXpress BV -remarks: bulletproof ISP (related to AS202425) located in NL -country: NL - aut-num: AS57756 descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage 
@@ -728,21 +713,11 @@ descr: Vivo Trade L.P. remarks: another shady customer of "DDoS Guard Ltd." country: RU -aut-num: AS62068 -descr: SpectraIP B.V. -remarks: bulletproof ISP (linked to AS202425 et al.) located in NL -country: NL - aut-num: AS62079 descr: Ibernap Management S.L. remarks: traces back to various locations in US country: US -aut-num: AS62355 -descr: Network Dedicated SAS -remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL -country: NL - aut-num: AS62468 descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK @@ -768,11 +743,6 @@ descr: SWISS GLOBAL SERVICES S.A.S. remarks: ... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them country: CH -aut-num: AS64425 -descr: SKB Enterprise B.V. -remarks: bulletproof ISP (linked to AS202425 et al.) located in NL -country: NL - aut-num: AS64437 descr: NForce Entertainment BV remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL @@ -1008,21 +978,11 @@ descr: 4Media Ltd. remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data country: BG -aut-num: AS202425 -descr: IP Volume Inc. -remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL -country: NL - aut-num: AS202492 descr: SILVERHILL GROUP HOLDING LTD / SAKIS POLUNIGIS remarks: fake offshore location (SC), traces back to RU country: RU -aut-num: AS202769 -descr: Cooperative Investments LLC -remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL -country: NL - aut-num: AS202920 descr: DataClub S.A. remarks: another shady customer of "DDoS Guard Ltd." 
@@ -1053,11 +1013,6 @@ descr: Global Offshore Limited remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted country: EU -aut-num: AS204655 -descr: Novogara Ltd. -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL - aut-num: AS205026 descr: Hauer Hosting Services Limited remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -1293,11 +1248,6 @@ descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region country: AP -aut-num: AS328671 -descr: Datapacket Maroc SARL -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL - aut-num: AS328703 descr: Seven Network Inc. remarks: traces back to ZA diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 8318b49..7df6188 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt 
@@ -25,3 +25,63 @@ # # Please keep this file sorted. # + +aut-num: AS48090 +descr: PPTECHNOLOGY LIMITED +remarks: bulletproof ISP (related to AS204655) located in NL +country: NL +drop: yes + +aut-num: AS56611 +descr: REBA Communications BV +remarks: bulletproof ISP (related to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS57717 +descr: FiberXpress BV +remarks: bulletproof ISP (related to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS62068 +descr: SpectraIP B.V. +remarks: bulletproof ISP (linked to AS202425 et al.) located in NL +country: NL +drop: yes + +aut-num: AS62355 +descr: Network Dedicated SAS +remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL +country: NL +drop: yes + +aut-num: AS64425 +descr: SKB Enterprise B.V. +remarks: bulletproof ISP (linked to AS202425 et al.) located in NL +country: NL +drop: yes + +aut-num: AS202425 +descr: IP Volume Inc. +remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL +country: NL +drop: yes + +aut-num: AS202769 +descr: Cooperative Investments LLC +remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL +country: NL +drop: yes + +aut-num: AS204655 +descr: Novogara Ltd. +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS328671 +descr: Datapacket Maroc SARL +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes
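
Review bot: The commit message does not record that the ten `aut-num` blocks deleted from overrides/override-other.txt are moved rather than newly introduced. The subject says "Add ASNs" and the body is only a "See:" link, while the same ten ASNs (AS48090 through AS328671) reappear in overrides/override-xd.txt with identical descr, remarks and country lines plus a new `drop: yes`. Suggest stating in the message that the entries are relocated and that their handling changes from a country override to a country override with `drop: yes`, so anyone reading the history of override-other.txt can see where AS202425 and its related entries went and why.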
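
Review bot: In the added AS202425 block of overrides/override-xd.txt, the remarks name AS29073 as an alias ("aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd."), but no `aut-num: AS29073` block is added next to it, so this patch gives that ASN neither the country override nor `drop: yes`. Either add an entry for AS29073 or extend the remarks to say why it is left out. Separately, the remarks for AS62355 and AS202769 describe them as "IP hijacker"; it is worth confirming how `drop: yes` treats prefixes these ASNs announce but do not hold, since those belong to third parties. The ten new blocks are in ascending ASN order, consistent with the file's "Please keep this file sorted." header.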