override-{a1,other,xd}: Regular batch of various overrides

Message ID a76e28aa-e648-24eb-380e-4c70d60a2d53@ipfire.org
State Superseded
Headers
Series override-{a1,other,xd}: Regular batch of various overrides |

Commit Message

Peter Müller Jan. 16, 2022, 11:19 a.m. UTC
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    |  5 ++
 overrides/override-other.txt | 92 ++++++++++++++++++------------------
 overrides/override-xd.txt    | 66 +++++++++++++++++++++++---
 3 files changed, 111 insertions(+), 52 deletions(-)
  

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 43e0174..a97e7ce 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -639,6 +639,11 @@  descr:				Gabor Marton
 remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
 is-anonymous-proxy:		yes
 
+net:				45.203.128.0/18
+descr:				ProxyWow LLC
+remarks:			CloudInnovation space leased to "ProxyWow LLC" - not a safe area to accept traffic from anyways
+is-anonymous-proxy:		yes
+
 net:				45.220.72.0/22
 descr:				Low budget VPN service
 remarks:			VPN provider
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 89ad8e0..c33e642 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -63,6 +63,11 @@  aut-num:	AS4134
 name:		Chinanet Backbone
 remarks:	has no sane AS name set in APNIC DB
 
+aut-num:	AS4609
+descr:		Companhia de Telecomunicacones de Macau SARL
+remarks:	ISP located in MO, but some RIR data needs manual correction due to ARIN DB situation
+country:	MO
+
 aut-num:	AS4754
 name:		Software Technology Park of India
 remarks:	has no sane AS name set in APNIC DB
@@ -90,6 +95,11 @@  descr:		Greek Research and Technology Network (GRNET) S.A.
 remarks:	... located in GR
 country:	GR
 
+aut-num:	AS6079
+descr:		RCN
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS6134
 descr:		XNNET LLC
 remarks:	traces back to HK, seems to tamper with RIR data
@@ -208,6 +218,11 @@  descr:		Unicycle, LLC
 remarks:	traces back to NL
 country:	NL
 
+aut-num:	AS26548
+descr:		PureVoltage Hosting Inc.
+remarks:	ISP and IP hijacker located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS26636
 descr:		GBTCloud, Inc.
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -263,6 +278,11 @@  descr:		Neterra Ltd.
 remarks:	ISP located in BG, but some RIR data for announced prefixes contain garbage
 country:	BG
 
+aut-num:	AS34549
+descr:		meerfarbig GmbH & Co. KG
+remarks:	ISP located in DE, but some RIR data for announced prefixes contain garbage
+country:	DE
+
 aut-num:	AS34665
 descr:		Petersburg Internet Network Ltd.
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -388,10 +408,10 @@  descr:		MLAB Open Source Community
 remarks:	traces back to DE
 country:	DE
 
-aut-num:	AS41564
-descr:		Orion Network Limited
-remarks:	shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
-country:	SE
+aut-num:	AS41378
+descr:		Kirino LLC
+remarks:	traces back to AP vincinity, tampers with RIR data
+country:	AP
 
 aut-num:	AS41608
 descr:		NextGenWebs, S.L.
@@ -603,11 +623,6 @@  descr:		Reliance Jio Infocomm Limited
 remarks:	ISP located in IN, but some RIR data for announced prefixes contain garbage
 country:	IN
 
-aut-num:	AS55933
-descr:		Cloudie Limited
-remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
-country:	AP
-
 aut-num:	AS56322
 descr:		ServerAstra Kft.
 remarks:	ISP located in HU, but some RIR data for announced prefixes contain garbage
@@ -633,16 +648,6 @@  descr:		Telefonica LLC
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
-aut-num:	AS57858
-descr:		Inter Connects Inc.
-remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
-country:	SE
-
-aut-num:	AS57972
-descr:		Inter Connects Inc.
-remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
-country:	SE
-
 aut-num:	AS58061
 descr:		Scalaxy B.V.
 remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
@@ -665,8 +670,8 @@  country:	BG
 
 aut-num:	AS58349
 descr:		INNETRA PC
-remarks:	another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
-country:	EU
+remarks:	... traceroutes dead-end in NL
+country:	NL
 
 aut-num:	AS58879
 descr:		Shanghai Anchang Network Security Technology Co.,Ltd.
@@ -723,11 +728,6 @@  descr:		DignusData LLC
 remarks:	ISP located in PL, but _all_ RIR data for announced prefixes contain garbage
 country:	PL
 
-aut-num:	AS60485
-descr:		Inter Connects Inc. / Jing Yun
-remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
-country:	SE
-
 aut-num:	AS60546
 descr:		EU Routing Ltd
 remarks:	fake offshore location (CY), hosted in NL
@@ -818,6 +818,11 @@  descr:		CloudITIDC Global
 remarks:	ISP and/or IP hijacker located somewhere in AP
 country:	AP
 
+aut-num:	AS133613
+descr:		MTel telecommunication company ltd.
+remarks:	ISP and located in MO, but some prefixes needs manual correction due to ARIN DB situation
+country:	MO
+
 aut-num:	AS133752
 descr:		Leaseweb Asia Pacific pte. ltd.
 remarks:	ISP located in HK, some RIR data for announced prefixes contain garbage
@@ -853,6 +858,11 @@  descr:		LUOGELANG (FRANCE) LIMITED
 remarks:	Shady ISP located in HK, RIR data for announced prefixes contain garbage
 country:	HK
 
+aut-num:	AS136167
+descr:		China Telecom (Macau) Company Limited
+remarks:	located in MO, yet some prefixes show CN or HK instead
+country:	MO
+
 aut-num:	AS136274
 descr:		Cloud Servers Pvt Ltd
 remarks:	ISP located in NL, all RIR data for announced prefixes contain garbage
@@ -918,11 +928,6 @@  descr:		Cloudflare Sydney, LLC
 remarks:	... but CF failed to set the country for announced prefixes to AU as well :-/
 country:	AU
 
-aut-num:	AS139330
-descr:		SANREN DATA LIMITED
-remarks:	IP hijacker located somewhere in AP region, tampers with RIR data
-country:	AP
-
 aut-num:	AS139471
 descr:		HWA CENT TELECOMMUNICATIONS LIMITED
 remarks:	ISP and/or IP hijacker located in AP area, tampers with RIR data
@@ -955,7 +960,7 @@  country:	HK
 
 aut-num:	AS139879
 descr:		Galaxy Broadband
-remarks:	ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
+remarks:	ISP located in PK, but some RIR data need manual correction due to ARIN DB situation
 country:	PK
 
 aut-num:	AS140214
@@ -983,10 +988,10 @@  descr:		Full Time Hosting
 remarks:	ISP located in DE, tampers with RIR data
 country:	DE
 
-aut-num:	AS141746
-descr:		Orenji Server
-remarks:	IP hijacker located somewhere in AP area (JP?)
-country:	AP
+aut-num:	AS141677
+descr:		Nathosts Limited
+remarks:	... located in HK?
+country:	HK
 
 aut-num:	AS196682
 descr:		FLP Kochenov Aleksej Vladislavovich
@@ -1198,11 +1203,6 @@  descr:		Des Capital B.V.
 remarks:	Shady ISP located in NL, but RIR data for announced prefixes contain garbage
 country:	NL
 
-aut-num:	AS210848
-descr:		Telkom Internet LTD
-remarks:	shady ISP currently located in NL
-country:	NL
-
 aut-num:	AS211380
 descr:		PAYWISE HOLDING Sp. z.o.o.
 remarks:	ISP located in NL, but RIR data for announced prefixes contain garbage
@@ -1248,11 +1248,6 @@  descr:		MILEGROUP LTD
 remarks:	traceroutes dead-end somewhere in Central Europe
 country:	EU
 
-aut-num:	AS212552
-descr:		BitCommand LLC
-remarks:	Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe
-country:	EU
-
 aut-num:	AS212667
 descr:		RECONN LLC
 remarks:	ISP located in RU, but RIR data for announced prefixes contain garbage
@@ -1533,6 +1528,11 @@  descr:		SpaceX Canada Corp.
 remarks:	Accurate country code missing due to ARIN DB situation, see also: #12746
 country:	CA
 
+net:		103.126.4.0/23
+descr:		Cyber Telecom ISP
+remarks:	Despite being allocated to AF, traceroutes end in NL
+country:	NL
+
 net:		103.197.148.0/22
 descr:		I.C.S. Trabia-Network S.R.L.
 remarks:	fake offshore location (HK), traces back to MD
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index 738a699..2b50406 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -67,6 +67,12 @@  descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Owned by an offshore letterbox company, suspected rogue ISP
 drop:		yes
 
+aut-num:	AS41564
+descr:		Orion Network Limited
+remarks:	shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
+country:	EU
+drop:		yes
+
 aut-num:	AS43092
 descr:		Kirin Communication Limited
 remarks:	Hijacks IP space and tampers with RIR data, traces back to JP
@@ -79,6 +85,12 @@  remarks:	bulletproof ISP with strong links to RU
 country:	RU
 drop:		yes
 
+aut-num:	AS44446
+descr:		OOO SibirInvest
+remarks:	bulletproof ISP (related to AS202425 and AS57717) located in NL
+country:	NL
+drop:		yes
+
 aut-num:	AS48090
 descr:		PPTECHNOLOGY LIMITED
 remarks:	bulletproof ISP (related to AS204655) located in NL
@@ -109,6 +121,12 @@  remarks:	Autonomous System registered to offshore company, abuse contact is a fr
 country:	AP
 drop:		yes
 
+aut-num:	AS55933
+descr:		Cloudie Limited
+remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country:	AP
+drop:		yes
+
 aut-num:	AS56611
 descr:		REBA Communications BV
 remarks:	bulletproof ISP (related to AS202425) located in NL
@@ -126,6 +144,18 @@  remarks:	bulletproof ISP (related to AS202425) located in NL
 country:	NL
 drop:		yes
 
+aut-num:	AS57858
+descr:		Inter Connects Inc.
+remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country:	SE
+drop:		yes
+
+aut-num:	AS57972
+descr:		Inter Connects Inc.
+remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country:	SE
+drop:		yes
+
 aut-num:	AS58271
 descr:		FOP Gubina Lubov Petrivna
 remarks:	bulletproof ISP operating from a war zone in eastern UA
@@ -143,6 +173,12 @@  descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Owned by an offshore letterbox company, suspected rogue ISP
 drop:		yes
 
+aut-num:	AS60485
+descr:		Inter Connects Inc. / Jing Yun
+remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
+country:	SE
+drop:		yes
+
 aut-num:	AS61414
 descr:		EDGENAP LTD
 remarks:	IP hijacking? Rogue ISP?
@@ -190,6 +226,12 @@  remarks:	IP hijacker located somewhere in AP area
 country:	AP
 drop:		yes
 
+aut-num:	AS139330
+descr:		SANREN DATA LIMITED
+remarks:	IP hijacker located somewhere in AP region, tampers with RIR data
+country:	AP
+drop:		yes
+
 aut-num:	AS140107
 descr:		CITIS CLOUD GROUP LIMITED
 remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
@@ -201,6 +243,12 @@  remarks:	ISP and IP hijacker located in HK, tampers with RIR data
 country:	HK
 drop:		yes
 
+aut-num:	AS141746
+descr:		Orenji Server
+remarks:	IP hijacker located somewhere in AP area (JP?)
+country:	AP
+drop:		yes
+
 aut-num:	AS200391
 descr:		KREZ 999 EOOD
 remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
@@ -231,24 +279,30 @@  remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
 country:	NL
 drop:		yes
 
-aut-num:	AS207812
-descr:		DM AUTO EOOD
-remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country:	BG
-drop:		yes
-
 aut-num:	AS209272
 descr:		Alviva Holding Limited
 remarks:	bulletproof ISP operating from a war zone in eastern UA
 country:	UA
 drop:		yes
 
+aut-num:	AS210848
+descr:		Telkom Internet LTD
+remarks:	Rogue ISP (linked to AS202425) located in NL
+country:	NL
+drop:		yes
+
 aut-num:	AS211193
 descr:		ABDILAZIZ UULU ZHUSUP
 remarks:	bulletproof ISP and IP hijacker, traces to RU
 country:	RU
 drop:		yes
 
+aut-num:	AS212552
+descr:		BitCommand LLC
+remarks:	Dirty ISP located somewhere in EU, cannot trust RIR data of this network
+country:	EU
+drop:		yes
+
 aut-num:	AS213058
 descr:		Private Internet Hosting LTD
 remarks:	bulletproof ISP located in RU