From patchwork Mon Nov 16 15:58:31 2020
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 3662
To: "IPFire: Location-List"
From: Peter Müller
Subject: [PATCH] override-{a[1-3],other}: regular batch of various overrides
Message-ID: <694bffc0-218c-2d54-8116-12d9cbdde239@ipfire.org>
Date: Mon, 16 Nov 2020 16:58:31 +0100

Since the "Asline" IP hijacking gang tampers with RIR data, probably to evade location based firewall rules, their Autonomous Systems were pinned to the AP region (the given Hong Kong contact address seems to be bogus for at least one /16 stolen AFRINIC chunk) for safety reasons.
Signed-off-by: Peter Müller --- overrides/override-a1.txt | 25 +++++++++++++++---------- overrides/override-a2.txt | 12 ++++++++++++ overrides/override-a3.txt | 5 +++++ overrides/override-other.txt | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 10 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index e81d6c2..7aca339 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -596,16 +596,6 @@ descr: ThinkTech Technology Industrial CO. Limited remarks: VPN provider is-anonymous-proxy: yes -net: 94.199.160.0/23 -descr: MIK Telecom VPN pool -remarks: VPN provider -is-anonymous-proxy: yes - -net: 95.129.56.0/21 -descr: Azimut-R VPN Service -remarks: VPN provider -is-anonymous-proxy: yes - net: 91.193.75.0/24 descr: KGB Hosting d.o.o. / David Craig remarks: (Rogue) VPN provider @@ -616,6 +606,21 @@ descr: Privax LTD remarks: VPN provider is-anonymous-proxy: yes +net: 92.118.39.0/24 +descr: CloudMine NET +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + +net: 94.199.160.0/23 +descr: MIK Telecom VPN pool +remarks: VPN provider +is-anonymous-proxy: yes + +net: 95.129.56.0/21 +descr: Azimut-R VPN Service +remarks: VPN provider +is-anonymous-proxy: yes + net: 95.154.64.0/18 descr: Octopusnet VPN remarks: VPN provider diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 8f03159..a55c940 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -152,6 +152,12 @@ descr: Arab Satellite Communications Organization remarks: Satellite Internet provider is-satellite-provider: yes +aut-num: AS42962 +descr: CoreLink Communications +remarks: Chinese satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes +country: AP + aut-num: AS43905 descr: Telenor Satellite AS remarks: Satellite Internet provider 
@@ -1616,3 +1622,9 @@ net: 2a04:2880::/30 descr: Satellite Solutions Worldwide Ltd remarks: Satellite Internet provider is-satellite-provider: yes + +net: 2a0a:2840::/29 +descr: CoreLink Communications +remarks: Chinese satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes +country: AP diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 924c859..07b2621 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -1527,6 +1527,11 @@ descr: marbis GmbH remarks: Generic anycast network [high confidence, but not proofed] is-anycast: yes +net: 2a05:7f00::/29 +descr: nic.at GmbH and friends +remarks: TLD operator's anycast network +is-anycast: yes + net: 2a06:e881:4001::/48 descr: Thomas Harwood remarks: Public anycast DNS resolver diff --git a/overrides/override-other.txt b/overrides/override-other.txt index d4c3f5b..98ea79b 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -18,6 +18,16 @@ descr: Iron Mountain Data Center remarks: ISP located in US, but some RIR data for announced prefixes contain garbage country: US +aut-num: AS18013 +descr: ASLINE LIMITED +remarks: IP hijacker, traces back to AP region +country: AP + +aut-num: AS18254 +descr: KLAYER LLC +remarks: part of the "Asline" IP hijacking gang, traces back to AP region +country: AP + aut-num: AS24700 descr: Yes Networks Unlimited Ltd remarks: traces to UA, but some RIR entries seem to contain garbage (VG) @@ -33,6 +43,11 @@ descr: IP Interactive UG (haftungsbeschraenkt) remarks: ISP located in BG, but RIR data for announced prefixes contain garbage country: BG +aut-num: AS35478 +descr: Buena Telecom SRL +remarks: ISP located in RO, but RIR data for announced prefixes contain garbage +country: RO + aut-num: AS37518 descr: Fiber Grid Inc. remarks: tampers with RIR data, traces back to SE 
@@ -73,6 +88,11 @@ descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL country: NL +aut-num: AS49466 +descr: KLAYER LLC +remarks: part of the "Asline" IP hijacking gang, traces back to AP region +country: AP + aut-num: AS49505 descr: Selectel remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -108,6 +128,11 @@ descr: DXTL Tseung Kwan O Service remarks: tampers with RIR data, traces back to AP region country: AP +aut-num: AS137951 +descr: Clayer Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +country: AP + aut-num: AS201133 descr: Verdina Ltd. remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -138,6 +163,11 @@ descr: Altrosky Technology Ltd. remarks: fake offshore location (SC), traces back to CZ and NL country: EU +aut-num: AS208046 +descr: Maximilian Kutzner trading as HostSlick +remarks: traces back to NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS209132 descr: Alviva Holding Limited remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -158,6 +188,11 @@ descr: IP Connect Inc. remarks: fake offshore location (SC), traces back to NL country: NL +aut-num: AS398478 +descr: PEG TECH INC +remarks: ISP located in HK, tampers with RIR data +country: HK + net: 5.252.32.0/22 descr: StormWall s.r.o. remarks: claims to be located in DE, but traces back to somewhere else in central Europe
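
Review bot: In overrides/override-a1.txt the 94.199.160.0/23 and 95.129.56.0/21 blocks are deleted in the first hunk and re-added unchanged after the new 92.118.39.0/24 entry in the second, so a pure reorder is mixed with one real addition and the commit message mentions neither. Say in the message that the two entries were only moved to restore address order, or put the move in its own commit, so that someone reading the log later does not take them for changed data.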
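
Review bot: The new AS42962 entry in overrides/override-a2.txt, and the matching 2a0a:2840::/29 entry in the last hunk of that file, set country: AP while the remarks call the operator Chinese and mark the classification "[high confidence, but not proofed]". The neighbouring satellite entries visible in the context lines carry no country line at all, and the commit message justifies AP pinning only for the Asline networks. Either state in remarks why the region AP was chosen rather than a country code, or leave the country line out until the location is confirmed.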
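
Review bot: The descr line "nic.at GmbH and friends" on the new 2a05:7f00::/29 entry in overrides/override-a3.txt does not identify a holder, and "and friends" cannot be checked against registry data later. Put the registered holder name in descr and, if other operators share the anycast network, name them in remarks.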
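
Review bot: The four Asline-related entries added to overrides/override-other.txt are worded inconsistently: only AS137951 says "tampers with RIR data", AS18013 says just "IP hijacker", and AS18254 and AS49466 share the descr KLAYER LLC while AS137951 is spelled Clayer Limited. The commit message gives the actual reason for the pinning (tampered RIR data, a Hong Kong contact address that seems bogus for a stolen AFRINIC /16), so carry a short form of that into each remarks line and confirm that both spellings are the registered names. AS35478, AS208046 and AS398478 are unrelated to Asline and are not covered by the message; mention them there or move them to a separate commit so each country override can be audited against its own justification.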