From patchwork Sun Aug 8 16:35:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4621 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GjPvw5jp2z3xGs for ; Sun, 8 Aug 2021 16:35:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4GjPvw239Nzc3; Sun, 8 Aug 2021 16:35:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GjPvw0X59z2xgw; Sun, 8 Aug 2021 16:35:24 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GjPvt455fz2xTN for ; Sun, 8 Aug 2021 16:35:22 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4GjPvs0tkNzc3 for ; Sun, 8 Aug 2021 16:35:20 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1628440521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+CxMSK9yMmMktcK/mGNYZPCdqgLnptWs90MoIcGZAt4=; b=JXsW+EaM+TTKrRHPFlkwRdWezzwJPKZW6wQh6NAf3nh5LlNZTh9CLjHpPwlTsP9WiDJgsl 6eT63Vdyjy/9thCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1628440521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+CxMSK9yMmMktcK/mGNYZPCdqgLnptWs90MoIcGZAt4=; b=MZ/bX2RMBlEvE3Zn2DOHO/w5Js81wH/0rcUBGlT4B5YE8f42YoovSKoa6U98HIonYfVdmC Dy/Vlq5NMPLBNcY6orlYOj/ioxrzirYnXJtJmmZe8GPSh/xdf8IqA8GqeGtMvSb2owwuXe gres31FgTB5y/SkEQzWsCNJxhpgWxAgz7Uddcb0lpNq1x3Givd/TrpBeznMvHx2yBthHAC qm/rfTkfhwcj31q//RniEGivqKrbUyMB08WPzwm7V8VPObAI29DpcwgP9OnPmMKB+v7vYH Cej3qUVxUxc4Vd6DJdckviFpH70njDffwT2KFALjKWVbeU//7JkDXc8qf6HpcQ== To: "IPFire: Location" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] override-*: another bunch of various overrides Message-ID: Date: Sun, 8 Aug 2021 18:35:19 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Including fixed statements for ASNs without a sane AS name in RIR DBs. My fault, again. :-/ Signed-off-by: Peter Müller --- overrides/override-a1.txt | 10 +++ overrides/override-a2.txt | 24 +++++++ overrides/override-a3.txt | 15 ++++ overrides/override-other.txt | 132 ++++++++++++++++++++++++++++++++--- 4 files changed, 170 insertions(+), 11 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 284c3e8..d545f05 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -301,6 +301,11 @@ descr: HardenedVPN[.]com LLC remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS399928 +descr: STELLAR PROXIES +remarks: VPN or open proxy provider +is-anonymous-proxy: yes + net: 2.57.171.0/24 descr: VPN Consumer Network remarks: VPN provider @@ -812,6 +817,11 @@ descr: ThinkTech Technology Industrial CO. Limited remarks: VPN provider is-anonymous-proxy: yes +net: 91.109.176.0/20 +descr: IELO-LIAZO SERVICES SAS +remarks: (Rogue) VPN provider hosting C&Cs en masse +is-anonymous-proxy: yes + net: 91.193.75.0/24 descr: KGB Hosting d.o.o. / David Craig remarks: (Rogue) VPN provider diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 502948f..5d28cd8 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -403,6 +403,12 @@ descr: IPStar remarks: Satellite Internet provider [high confidence, but not proofed] is-satellite-provider: yes +aut-num: AS136796 +descr: CoreLink Japan +remarks: Satellite Internet provider [high confidence, but not proofed] located in JP +is-satellite-provider: yes +country: JP + aut-num: AS136940 descr: ComSat Ltd. remarks: Satellite Internet provider @@ -418,6 +424,12 @@ descr: Alpha Sattelite Network remarks: Satellite Internet provider is-satellite-provider: yes +aut-num: AS198247 +descr: YahClick / Star Satellite Communications Company - PJSC +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in Abu Dhabi, AE +is-satellite-provider: yes +country: AE + aut-num: AS198381 descr: YahClick / Star Satellite Communications Company - PJSC remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in ES @@ -461,6 +473,12 @@ descr: Intersat Telekomunikacije d.o.o. remarks: Satellite Internet provider is-satellite-provider: yes +aut-num: AS208428 +descr: YahClick / Star Satellite Communications Company - PJSC +remarks: Satellite Internet provider, pinning to AE since other announcements made by this organisation contain garbage +is-satellite-provider: yes +country: AE + aut-num: AS208484 descr: EuroSkyPark GmbH remarks: Satellite Internet provider @@ -1626,6 +1644,12 @@ descr: Satellite Ltd remarks: Satellite Internet provider is-satellite-provider: yes +net: 185.192.56.0/22 +descr: CoreLink Communications +remarks: Chinese satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes +country: AP + net: 185.200.224.0/22 descr: Level421 GmbH remarks: Satellite Internet provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index d810d93..8cd49a3 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -140,6 +140,11 @@ descr: ANEXIA Internetdienstleistungs GmbH remarks: Public anycast DNS nameserver network [high confidence, but not proofed] is-anycast: yes +aut-num: AS42909 +descr: Community DNS Limited +remarks: Public anycast DNS nameserver network [high confidence, but not proofed] +is-anycast: yes + aut-num: AS43278 descr: Instance Group LLC remarks: Generic anycast network [high confidence, but not proofed], RIR data contain garbage @@ -968,6 +973,16 @@ descr: Communications Regulatory Authority remarks: Generic anycast network is-anycast: yes +net: 184.24.0.0/13 +descr: Akamai Technologies, Inc. +remarks: IP chunk in use for providing CDN services worldwide, subnets scatter across various Autonomous Systems +is-anycast: yes + +net: 184.84.0.0/14 +descr: Akamai Technologies, Inc. +remarks: IP chunk in use for providing CDN services worldwide, subnets scatter across various Autonomous Systems +is-anycast: yes + net: 185.20.53.0/24 descr: Exascale Limited remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 045b515..2af24ff 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -14,15 +14,15 @@ # aut-num: AS1739 -as-name: Tampere University of Technology +name: Tampere University of Technology remarks: has no sane AS name set in RIPE DB aut-num: AS1768 -as-name: NCNIC +name: NCNIC remarks: has no sane AS name set in APNIC DB aut-num: AS1769 -as-name: NCNIC +name: NCNIC remarks: has no sane AS name set in APNIC DB aut-num: AS1820 @@ -41,19 +41,24 @@ remarks: ISP (?) located in ZA, but some RIR data for announced prefixes contain country: ZA aut-num: AS4134 -as-name: Chinanet Backbone +name: Chinanet Backbone remarks: has no sane AS name set in APNIC DB aut-num: AS4754 -as-name: Software Technology Park of India +name: Software Technology Park of India remarks: has no sane AS name set in APNIC DB +aut-num: AS4785 +descr: xTom Limited +remarks: ISP located in JP, RIR data for announced prefixes contain garbage +country: JP + aut-num: AS4800 -as-name: Indonesia Network Information Center +name: Indonesia Network Information Center remarks: has no sane AS name set in APNIC DB aut-num: AS4814 -as-name: China169 Beijing Broadband Network +name: China169 Beijing Broadband Network remarks: has no sane AS name set in APNIC DB aut-num: AS4842 @@ -67,7 +72,7 @@ remarks: traces back to an unknown oversea location (HK?), seems to tamper with country: AP aut-num: AS6412 -as-name: Zajil International Telecom Company +name: Zajil International Telecom Company remarks: has no sane AS name set in RIPE DB aut-num: AS7203 @@ -80,6 +85,11 @@ descr: MTS PJSC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS9312 +descr: xTom Hong Kong Limited +remarks: ISP located in HK, RIR data for announced prefixes contain garbage +country: HK + aut-num: AS12025 descr: Iron Mountain Data Center remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -95,13 +105,18 @@ descr: RECONN LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS13830 +descr: Nexril +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS18013 descr: ASLINE LIMITED remarks: IP hijacker, traces back to AP region country: AP aut-num: AS18185 -as-name: Northern Taiwan Community University +name: Northern Taiwan Community University remarks: has no sane AS name set in APNIC DB aut-num: AS18254 @@ -109,6 +124,11 @@ descr: KLAYER LLC remarks: part of the "Asline" IP hijacking gang, traces back to AP region country: AP +aut-num: AS18779 +descr: EGIHosting +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS21100 descr: ITL LLC remarks: ISP headquatered in BG and/or UA, physically located in NL, some RIR data for announced prefixes contain inaccurate data @@ -119,6 +139,11 @@ descr: DDOSING NETWORK remarks: IP hijacker located somewhere in AP, massively tampers with RIR data country: AP +aut-num: AS23858 +descr: xTom Pty. Ltd. +remarks: ISP located in AU, RIR data for announced prefixes contain garbage +country: AU + aut-num: AS24009 descr: HK UNITE TELECOMMUNICATIONS DEVELOPMENT LIMITED remarks: IP hijacker (?) located in HK, tampers with RIR data @@ -169,11 +194,31 @@ descr: combahton GmbH remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage country: DE +aut-num: AS30982 +descr: CAFE Informatique et telecommunications (defunct) +remarks: spamming bogon located in TG - formerly allocated to CAFE Informatique et telecommunications +country: TG + +aut-num: AS31133 +descr: PJSC MegaFon +remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage +country: RU + +aut-num: AS31732 +descr: Parsun Network Solutions Pty. Ltd. +remarks: Shady ISP located in AU, but some RIR data for announced prefixes contain garbage +country: AU + aut-num: AS34224 descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage country: BG +aut-num: AS34665 +descr: Petersburg Internet Network Ltd. +remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage +country: RU + aut-num: AS35042 descr: IP Interactive UG (haftungsbeschraenkt) remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -214,6 +259,16 @@ descr: NetOne Telecomunicacoes (defunct) remarks: spamming bogon located in or near Luanda, AO - formerly allocated to NetOne Telecomunicacoes country: AO +aut-num: AS37475 +descr: HTT Telecom S.A (defunct) +remarks: spamming bogon located in CM - formerly allocated to HTT Telecom S.A +country: CM + +aut-num: AS37529 +descr: Gestora de Infraestructuras de Telecomunicaciones de Guinea Ecuatorial +remarks: announces bogons out of GQ +country: GQ + aut-num: AS38197 descr: Sun Network (Hong Kong) Limited remarks: ISP located in HK (duh!), but some RIR data for announced prefixes contain garbage @@ -324,6 +379,11 @@ descr: KeonWoo PARK remarks: claims US for its prefixes announced, but traces back to KR country: KR +aut-num: AS45671 +descr: Servers Australia Pty. Ltd. +remarks: ISP located in AU, but some RIR data for announced prefixes contain garbage +country: AU + aut-num: AS45753 descr: Network and Security Solutions Limited remarks: ISP located in HK, but some RIR data for announced prefixes contain garbage @@ -414,6 +474,16 @@ descr: WhiteHat Inc. remarks: tampers with RIR data country: EU +aut-num: AS54600 +descr: PEG TECH INC +remarks: ISP and/or IP hijacker located in US this time, tampers with RIR data +country: US + +aut-num: AS55836 +descr: Reliance Jio Infocomm Limited +remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage +country: IN + aut-num: AS55933 descr: Cloudie Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region @@ -629,6 +699,11 @@ descr: Cloud Servers Pvt Ltd remarks: ISP located in NL, all RIR data for announced prefixes contain garbage country: NL +aut-num: AS136384 +descr: Optix Pakistan (Pvt.) Limited +remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage +country: PK + aut-num: AS136800 descr: ICIDC NETWORK remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data @@ -651,7 +726,7 @@ country: AP aut-num: AS138195 descr: MOACK.Co.LTD -remarks: ISP located KR in, some RIR data for announced prefixes contain garbage +remarks: ISP located in KR, some RIR data for announced prefixes contain garbage country: KR aut-num: AS138571 @@ -901,7 +976,7 @@ country: NL aut-num: AS211849 descr: Kakharov Orinbassar Maratuly -remarks: ISP located in RU, but RIR data for announced prefixes contain garbage +remarks: ISP and/or IP hijacker located in RU, but RIR data for announced prefixes contain garbage country: RU aut-num: AS211992 @@ -959,6 +1034,11 @@ descr: IP Connect Inc. remarks: fake offshore location (SC), traces back to NL country: NL +aut-num: AS213296 +descr: SIA "Singularity Telecom" +remarks: Shady customer of AS31732 (Parsun Network Solutions Pty. Ltd.) located in AU, RIR data for announced prefixes contain garbage +country: AU + aut-num: AS262254 descr: DDOS-GUARD CORP. remarks: fake offshore location (BZ), traces back to RU @@ -969,6 +1049,11 @@ descr: Flyservers S.A. remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage country: NL +aut-num: AS328383 +descr: xTom Limited +remarks: ISP located in ZA, RIR data for announced prefixes contain garbage +country: ZA + aut-num: AS328543 descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region @@ -979,6 +1064,11 @@ descr: Datapacket Maroc SARL remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL +aut-num: AS394281 +descr: Xhostserver LLC +remarks: shady ISP located in US, some RIR data for announced prefixes contain garbage +country: US + aut-num: AS394380 descr: Leaseweb USA, Inc. remarks: ISP located in Dallas, TX, US, but some RIR data for announced prefixes contain garbage @@ -1149,6 +1239,11 @@ descr: PSINet, Inc. (PSI) / Cogent Communications remarks: Cogent IP range used in Europe, according to ARIN whois ("COGENT-EUROPEAN-OPERATIONS-001") country: EU +net: 156.0.200.0/22 +descr: xTom Limited +remarks: fake offshore locations (AQ / PN / SS), traces back to US +country: US + net: 178.239.20.0/24 descr: Anthony Marshall / Game Hosting Net / FlokiNET Ltd. remarks: fake location (BA), traces back to RO @@ -1249,6 +1344,11 @@ descr: NetConn Services Ltd remarks: APNIC chunk owned by a HK-based company, routed to AP region, but assigned to SC country: AP +net: 2a00:6340:c000::/34 +descr: Openfactory GmbH +remarks: ... who thinks assigning networks to AQ is funny :-/ +country: EU + net: 2402:e940:f00::/48 descr: Wind Cloud Network Technology Co Ltd. remarks: appears to be used out of Tokyo, JP @@ -1274,6 +1374,11 @@ descr: Sibyl System LTD remarks: RIR data contain garbage country: NL +net: 2a06:1281:5::/48 +descr: Alexander Nicholson +remarks: allocated to NO, but actually announced from FR +country: FR + net: 2a06:e80::/29 descr: Datashield, Inc. remarks: fake offshore location (SC), traces back to NL @@ -1284,6 +1389,11 @@ descr: Securebit AG remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/ country: CH +net: 2a10:ccc0:3000::/40 +descr: Securebit AG +remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/ +country: CH + net: 2a0e:b100:3000::/40 descr: 4b42 UG (haftungsbeschränkt) remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/