From patchwork Fri Oct 30 11:54:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3618 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CN12b40zdz3wgn for ; Fri, 30 Oct 2020 11:55:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CN12Z0fSNz1hS; Fri, 30 Oct 2020 11:55:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CN12X1pn0z2xq4; Fri, 30 Oct 2020 11:55:00 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CN12W1sZbz2xcM for ; Fri, 30 Oct 2020 11:54:59 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CN12T6KxQzpR for ; Fri, 30 Oct 2020 11:54:57 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604058898; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vOpG4/iuhy4xjEKZuSFvcVFedK5ibskngwzhA39+5sw=; b=k6aPkbH+uhjePX2MzjbVaiwm/4s7muOCL9BHJlNJiNp44ssfRORjpyEXDB/V61xmPgY8gQ Jy47dwR5HGw9haBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604058898; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vOpG4/iuhy4xjEKZuSFvcVFedK5ibskngwzhA39+5sw=; b=gDiNm6ba4URnJOqhTrZeBYGRTjiOQ40pyQgsSJ4t2todfwzhm76h5Q2RO87blsc/DlF1g/ FaqtGoOCibtadY3Em8ZC220YstiKxv+aKUEGtIDmpaQClroYxsknEcmOD5U2HrpuXiGea8 6gauXI9zVuceFbMhX0HrmD08zK2o+YAddHjlkfqmEdbU5t7X/XG/tzsOnGXCI1zSwbrTgq 96u/sEKi4WvbE6cqPVaTIZLi0RiwrUmW9VjI98WcU0jhr6d4XBy8rmVAIH8s38xDSEPowQ 5ooVKR4a+ueK9DvVnyN+u1MPc8aBZPxCELBcS2/LFCICxlyud+hF+p0wv3slPA== To: "IPFire: Location-List" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/2] overrides/overrides-{a{1,3},other}: weekly batch of override updates Message-ID: Date: Fri, 30 Oct 2020 12:54:48 +0100 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Signed-off-by: Peter Müller --- overrides/override-a1.txt | 10 ++++++++++ overrides/override-a3.txt | 5 +++++ overrides/override-other.txt | 15 +++++++++++++++ 3 files changed, 30 insertions(+) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index a9fdf96..5fb75cc 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -384,6 +384,11 @@ descr: VPN Consumer Network remarks: VPN provider is-anonymous-proxy: yes +net: 45.74.0.0/18 +descr: Secure Internet LLC +remarks: VPN provider +is-anonymous-proxy: yes + net: 45.151.115.0/24 descr: ikoProxies [high confidence, but not proofed] remarks: VPN provider located in NL @@ -545,6 +550,11 @@ descr: SecuredConnectivity remarks: VPN provider is-anonymous-proxy: yes +net: 69.171.214.0/24 +descr: icedoutproxies.com +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + net: 80.254.74.0/20 descr: Monzoon / SwissVPN remarks: VPN provider [high confidence, but not proofed] diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index eb17927..d98544f 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -50,6 +50,11 @@ descr: Canadian Internet Registration Authority (CIRA) remarks: Generic anycast network is-anycast: yes +aut-num: AS42388 +descr: ANEXIA Internetdienstleistungs GmbH +remarks: Public anycast DNS nameserver network [high confidence, but not proofed] +is-anycast: yes + aut-num: AS48550 descr: Pascal Mathis trading as SnapServ Mathis remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index ce936aa..93e1780 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -23,6 +23,11 @@ descr: Yes Networks Unlimited Ltd remarks: traces to UA, but some RIR entries seem to contain garbage (VG) country: UA +aut-num: AS28098 +descr: ABGON Comunicaciones +remarks: ISP located in CL, but some RIR data for announced prefixes contain garbage (BZ) +country: CL + aut-num: AS35042 descr: IP Interactive UG (haftungsbeschraenkt) remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -53,11 +58,21 @@ descr: UKSERVERS remarks: ISP located in GB, but some RIR data for announced prefixes contain garbage country: GB +aut-num: AS44446 +descr: OOO SibirInvest +remarks: bulletproof ISP (related to AS204655), traces back to NL and BG +country: EU + aut-num: AS48090 descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL country: NL +aut-num: AS49505 +descr: Selectel +remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage +country: RU + aut-num: AS51558 descr: Smart Telecom S.A.R.L remarks: tampers with RIR data, traces back to RU From patchwork Fri Oct 30 11:55:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3619 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CN13X4NS0z3whw for ; Fri, 30 Oct 2020 11:55:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CN13X2yD3z1Fg; Fri, 30 Oct 2020 11:55:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CN13X2QSSz2xq4; Fri, 30 Oct 2020 11:55:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CN13W0g2Qz2xlB for ; Fri, 30 Oct 2020 11:55:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CN13T5gr2z1Fg for ; Fri, 30 Oct 2020 11:55:49 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604058950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8ZbQ2byCcM8aMMDUHeqn/6cLwjIgCJS+SiH85h2GLNg=; b=w1MpILOtRt6JQAuqSr1M554W6rztqWL6CWDyOTVvuqCTk42aenRx7DWhP9ZdAz+RNchNta 7U+AULfPTegC01BQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604058950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8ZbQ2byCcM8aMMDUHeqn/6cLwjIgCJS+SiH85h2GLNg=; b=qjDRXPS8Z5yXC4GlhgkkOHV21KeWsk8eYbg8t3E8LOZA7W4kwIlW4DC4L6e/I7GBCGnEui 8JaBzb+xq/087lTGcuW+Au3eg/9LtiQthB0H82HNV+fqPlpjwuGjq4y92BaCrOHPJwqxZr uoJl5Ljbqh8Gt+NIOC/GJDv9Pg/vXUvhn1xZV/g1Wu0CxQ0HkbMPXM94PAU/yItv17RMOM MbnvXaYPUiJ9OrG1+yClhGyap64pdsgMW8L66ZxbjNTAn0E5rCUNDG/raf+ul0tS52wqyV 4Y/qwXIeGByTR8NICIzrFQzsTD7OZf8wL/vd0KIMkN08eCm/U5aqSy2x1NIiPA== Subject: [PATCH 2/2] overrides/override-{a{1,3},other}: add overrides for obviously bogus countries To: location@lists.ipfire.org References: From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 30 Oct 2020 12:55:48 +0100 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Some people seem to think it is clever to locate their networks on unpopulated islands somewhere in the Atlantic Ocean (I think about rejecting or flagging those networks entirely), while others have registered letterboxes companies on St. Kitts and Nevis, the Seychelles, or elsewhere. While I personally consider this to be a good idea if you are in need of additional privacy, it would be nice if they could at least put in a country that makes sense - let it be EU or AP if they do not want to be tracked down further, I don't care. But BV is definitely not helping. :-/ Signed-off-by: Peter Müller --- overrides/override-a1.txt | 22 ++++++++++++++++++++++ overrides/override-a3.txt | 5 +++++ overrides/override-other.txt | 15 +++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 5fb75cc..e81d6c2 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -87,6 +87,12 @@ remarks: VPN provider (claims PA or BZ for some prefixes, but they are all hos is-anonymous-proxy: yes country: CH +aut-num: AS54990 +descr: 1337 Services LLC +remarks: Tor relay and VPN provider, traces back to SE [high confidence, but not proofed] +is-anonymous-proxy: yes +country: SE + aut-num: AS53559 descr: KST Networks / ANONYMIZER remarks: VPN provider [high confidence, but not proofed] @@ -810,6 +816,12 @@ descr: IPNET-VPNS remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes +net: 169.239.152.0/22 +descr: AfriVPN Ltd +remarks: VPN provider, traces back to ZA +is-anonymous-proxy: yes +country: ZA + net: 171.25.193.0/24 descr: DFRI remarks: Tor relay provider @@ -1444,3 +1456,13 @@ net: 2a0b:f4c0::/29 descr: Zwiebelfreunde e.V. / F3 Netze e.V. remarks: Tor relay provider is-anonymous-proxy: yes + +net: 2a0c:3b80::/29 +descr: 4b42 UG / Securebit Network / Tunnelbroker Network Sandefjord +remarks: large IP chunk mostly used by VPN providers +is-anonymous-proxy: yes + +net: 2c0f:f930::/32 +descr: Cyberdyne S.A. +remarks: Tor relay provider +is-anonymous-proxy: yes diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index d98544f..924c859 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -630,6 +630,11 @@ descr: Kantonsschule Zug remarks: Generic anycast network is-anycast: yes +net: 129.232.248.0/24 +descr: xneeloner DNS Anycast +remarks: Generic anycast network +is-anycast: yes + net: 130.185.120.0/24 descr: Softqloud GmbH remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 93e1780..d4c3f5b 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -38,6 +38,11 @@ descr: Fiber Grid Inc. remarks: tampers with RIR data, traces back to SE country: SE +aut-num: AS39287 +descr: ab stract / Peter Kolmisoppi +remarks: tampers with RIR data, traces back to SE +country: SE + aut-num: AS40034 descr: Confluence Networks Inc. remarks: fake offshore location (VG), traces back to Austin, TX, US @@ -118,6 +123,11 @@ descr: IP Volume Inc. remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL country: NL +aut-num: AS202492 +descr: SILVERHILL GROUP HOLDING LTD / SAKIS POLUNIGIS +remarks: fake offshore location (SC), traces back to NL +country: NL + aut-num: AS204655 descr: Novogara Ltd. remarks: bulletproof ISP (strongly linked to AS202425) located in NL @@ -213,6 +223,11 @@ descr: Amarutu Technology Ltd. / KoDDoS / ESecurity remarks: fake offshore location (BZ), traces back to US country: US +net: 185.193.124.0/22 +descr: ab stract / Njalla +remarks: bogus RIR data pointing to the unpopulated Bouvet Island (BV), suballocations trace back to SE +country: SE + net: 185.244.29.0/24 descr: NINAZU VPN Service / Gerber EDV / David Craig remarks: bulletproof ISP, fake location (SC), traces back to GB