From patchwork Fri Aug 6 15:06:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4616 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Gh82t2QHQz3xGs for ; Fri, 6 Aug 2021 15:07:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Gh82s5xmkz14b; Fri, 6 Aug 2021 15:07:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Gh82s47FTz2xPJ; Fri, 6 Aug 2021 15:07:01 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Gh82q4x5Mz2xNW for ; Fri, 6 Aug 2021 15:06:59 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Gh82p33Zxz14b for ; Fri, 6 Aug 2021 15:06:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1628262418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9BBw9DTweEb+lgJ0YjXhfQShLvJ9JvTprvz+GUu93Aw=; b=iD9wAlSR+3PzU/dYrlpQDMZI+/ttuEX22cZnrE7K7XKILNDaYJ7YJMk5aWsLFzywi2DOhU xjlGlee+GHJYe/m9HSpkkZf4oxt8IaI1uMAWiL9mECS2xP29p/doDG75/dNmjTaOVYy5D8 +9hTQ+AQR4HYihkIf1WtvoxDC+/ywgO/4eG1NfJ7xoyFu8NZN/2GAyKUVSrYCFyEwmwU6b EvIDXE1f4Ap6XmTflyL/mbUACOjTxuAJ9YT7QWIFB7gG7GcillLmMu0r62kqkk7kNBX6Ne tN0Vil4bOZoadxl62sXUyWK4hbwpqZ7hK3EnmkzOopfPi1rMxzG1/11uLx8ybw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1628262418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9BBw9DTweEb+lgJ0YjXhfQShLvJ9JvTprvz+GUu93Aw=; b=dTkKCmv4f+fiKMm66+luzSpTWihxFyPsh0pKdHkTkX/Z5NyIibgHrvhBJJhHaPFidVsZn5 GUBriqaBwWibMhAw== To: "IPFire: Location" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/2] overrides: regular batch of various overrides Message-ID: <4349f4fb-29b6-8fc4-0e96-7d94c5feb0d0@ipfire.org> Date: Fri, 6 Aug 2021 17:06:56 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" This includes sane AS names for some Autonomous Systems whose operators did not set helpful ones in the corresponding RIR DB. Signed-off-by: Peter Müller --- overrides/override-a2.txt | 9 +++-- overrides/override-a3.txt | 6 ++++ overrides/override-other.txt | 66 +++++++++++++++++++++++++++++++++--- 3 files changed, 73 insertions(+), 8 deletions(-) diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 4aac6ea..502948f 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -420,18 +420,21 @@ is-satellite-provider: yes aut-num: AS198381 descr: YahClick / Star Satellite Communications Company - PJSC -remarks: Satellite Internet provider +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in ES is-satellite-provider: yes +country: ES aut-num: AS198394 descr: YahClick / Star Satellite Communications Company - PJSC -remarks: Satellite Internet provider +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in GR is-satellite-provider: yes +country: GR aut-num: AS198504 descr: YahClick / Star Satellite Communications Company - PJSC -remarks: Satellite Internet provider +remarks: Satellite Internet provider, RIR data indicates prefixes are hosted in LU is-satellite-provider: yes +country: LU aut-num: AS201554 descr: SES Germany GmbH diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 3c38b69..d810d93 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -177,6 +177,12 @@ descr: Hybula B.V. remarks: Generic anycast network is-anycast: yes +aut-num: AS57724 +descr: DDOS-GUARD LTD +remarks: shady CDN, customers massively tampers with RIR data, we cannot trust this network +is-anycast: yes +country: RU + aut-num: AS57926 descr: SafeDNS, Inc. remarks: Public anycast DNS resolver network [high confidence, but not proofed] diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 454d1d5..045b515 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -13,6 +13,18 @@ # Please keep this file sorted. # +aut-num: AS1739 +as-name: Tampere University of Technology +remarks: has no sane AS name set in RIPE DB + +aut-num: AS1768 +as-name: NCNIC +remarks: has no sane AS name set in APNIC DB + +aut-num: AS1769 +as-name: NCNIC +remarks: has no sane AS name set in APNIC DB + aut-num: AS1820 descr: WNET TELECOM USA Corp. remarks: traces back to various locations in UA, seems to tamper with RIR data @@ -28,6 +40,22 @@ descr: Dimension Data remarks: ISP (?) located in ZA, but some RIR data for announced prefixes contain garbage country: ZA +aut-num: AS4134 +as-name: Chinanet Backbone +remarks: has no sane AS name set in APNIC DB + +aut-num: AS4754 +as-name: Software Technology Park of India +remarks: has no sane AS name set in APNIC DB + +aut-num: AS4800 +as-name: Indonesia Network Information Center +remarks: has no sane AS name set in APNIC DB + +aut-num: AS4814 +as-name: China169 Beijing Broadband Network +remarks: has no sane AS name set in APNIC DB + aut-num: AS4842 descr: Tianhai InfoTech remarks: IP hijacker located somewhere in AP, massively tampers with RIR data @@ -38,6 +66,10 @@ descr: XNNET LLC remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data country: AP +aut-num: AS6412 +as-name: Zajil International Telecom Company +remarks: has no sane AS name set in RIPE DB + aut-num: AS7203 descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -68,6 +100,10 @@ descr: ASLINE LIMITED remarks: IP hijacker, traces back to AP region country: AP +aut-num: AS18185 +as-name: Northern Taiwan Community University +remarks: has no sane AS name set in APNIC DB + aut-num: AS18254 descr: KLAYER LLC remarks: part of the "Asline" IP hijacking gang, traces back to AP region @@ -128,6 +164,11 @@ descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage (BZ) country: US +aut-num: AS30823 +descr: combahton GmbH +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS34224 descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage @@ -168,6 +209,11 @@ descr: Silverstar Invest Limited remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS37155 +descr: NetOne Telecomunicacoes (defunct) +remarks: spamming bogon located in or near Luanda, AO - formerly allocated to NetOne Telecomunicacoes +country: AO + aut-num: AS38197 descr: Sun Network (Hong Kong) Limited remarks: ISP located in HK (duh!), but some RIR data for announced prefixes contain garbage @@ -268,6 +314,11 @@ descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS44592 +descr: Skylink Data Center BV +remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS44992 descr: KeonWoo PARK remarks: claims US for its prefixes announced, but traces back to KR @@ -318,6 +369,11 @@ descr: Selectel remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS49612 +descr: DDoS Guard Ltd. / Cognitive Cloud LLP +remarks: another shady customer or branch of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU +country: EU + aut-num: AS49921 descr: F.I.H. FORMULA INVESTMENT HOUSE CLEARING LIMITED remarks: claims GR for announced prefixes, but traceroutes dead-end somewhere else in EU @@ -388,11 +444,6 @@ descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL -aut-num: AS57724 -descr: DDOS-GUARD LTD -remarks: shady ISP, customers massively tamper with RIR data, we cannot trust this network -country: RU - aut-num: AS57756 descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -643,6 +694,11 @@ descr: Wujidun Network Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP +aut-num: AS140941 +descr: Full Time Hosting +remarks: ISP located in DE, tampers with RIR data +country: DE + aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich remarks: ISP located in UA, but RIR data for announced prefixes all say EU From patchwork Fri Aug 6 15:07:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4617 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Gh83D6SkWz3xGs for ; Fri, 6 Aug 2021 15:07:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Gh83D4v0zz2B0; Fri, 6 Aug 2021 15:07:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Gh83D4VBGz2xbJ; Fri, 6 Aug 2021 15:07:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Gh83C3WL2z2xPJ for ; Fri, 6 Aug 2021 15:07:19 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Gh83B3jqyz2B0 for ; Fri, 6 Aug 2021 15:07:18 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1628262438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iACexu1CHcOhhgBqtRhIWjm9xXhI5sUSF8i5X7/KjCo=; b=aiozDuiApPeUBGzvA6EyGOOR7JOulY9V9wQQLeJ6bRvZTx0aiAzUe03FWX+oSMxa75nPOz 9WZSa/yV9zDo8mDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1628262438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iACexu1CHcOhhgBqtRhIWjm9xXhI5sUSF8i5X7/KjCo=; b=gNqlHolMp2V6W4OSB2rmKsorucs8YzEik5vYtIbapcKw0gwhLphjzNQ2tln2Rbh4cIxTo8 AEbnGfI2ga55l4XZoyYL68ONBAX9J25Y81Ruynhiopt67+0iiZp0a9cgUUSCV322UnLDSl o8VbtDLn5sFLTBCRYR+i3XZH8ak18ZXApWYeCaeEdvxYOnryLSIbgnNeVKjkiQ60DjK5Pr d+5pVIkLHn/XfFk8TYWSXEJl+TEIMSn3LwL4Ut/H0wNt4garCfx0qLr0FrqHVThQ9p3ksu zjOIMTNoGuNYggG1vv1nChr1OeqfqokaUZrR9eaFUHoQ/gfwWSRjMqZgEaBFDA== Subject: [PATCH 2/2] overrides: clarify file contents and policies To: location@lists.ipfire.org References: <4349f4fb-29b6-8fc4-0e96-7d94c5feb0d0@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 6 Aug 2021 17:07:17 +0200 MIME-Version: 1.0 In-Reply-To: <4349f4fb-29b6-8fc4-0e96-7d94c5feb0d0@ipfire.org> Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" This patch updates the disclaimer blocks at the beginning of the override-*.txt files, to be more accurate and helpful to people wishing to propose changes to them. In addition, a remark regarding the A[1-3] country codes has been added. Signed-off-by: Peter Müller --- overrides/override-a1.txt | 26 ++++++++++++++++---------- overrides/override-a2.txt | 20 ++++++++++++++------ overrides/override-a3.txt | 20 +++++++++++++++----- overrides/override-other.txt | 26 ++++++++++++++++++-------- 4 files changed, 63 insertions(+), 29 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 284c3e8..77d5b08 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -1,19 +1,25 @@ # # override-a1 [.txt] # -# This file contains Autonomous Systems (AS) or IP networks/adresses -# which are - in fact or with a high level of confidence - anonymous -# proxies (special country code: A1). +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable +# confidence - for publicly available services for forwarding traffic anonymously, such as +# VPN providers. # -# Since it does not make sense to assign them to a county, they -# will be flagged as "A1" in the database. +# While their country code set is preserved in libloc - unless utterly bogus -, it does not +# actually make sense to assign these to a distinct country. Therefore, they will be flagged +# as "anonymous proxies" in libloc query results. # -# Although we do not consider them to be bad entirely, they might -# be unwanted in certain scenarios. +# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them. +# This violates ISO 3166, and might be changed to a different country code inside a reserved +# range in the future. # -# Please note only long-living Tor relay providers with static IPs -# are listed here, as the list of all Tor relays will be dynamically -# generated by another script. +# At the moment, major Tor exit relay providers are included here as well. They will be dropped +# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit +# relays is imported dynamically while compiling the database. +# +# Improvement suggestions are appreciated, please submit them as patches to the location mailing +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact +# for further information. # # Please keep this file sorted. # diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 502948f..223b4df 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -1,13 +1,21 @@ # # override-a2 [.txt] # -# This file contains Autonomous Systems (AS) or IP networks/addresses -# which are - in fact or with a high level of confidence - belonging -# to satellite network providers (special country code: A2). +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable +# confidence - for customers or dial-in pools of satellite-based internet services. # -# Since a satellite uplink connection is possible from almost -# anywhere in the world, it does not make sense to assign them to a -# specific country. They will be flagged as "A2" in the database. +# While their country code set is preserved in libloc - unless utterly bogus -, it does not +# actually make sense to assign these to a distinct country, since a satellite connection is +# possible from virtually any place in the world. Therefore, they will be flagged as "satellite +# providers" in libloc query results. +# +# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them. +# This violates ISO 3166, and might be changed to a different country code inside a reserved +# range in the future. +# +# Improvement suggestions are appreciated, please submit them as patches to the location mailing +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact +# for further information. # # Please keep this file sorted. # diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index d810d93..b07d4b8 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -1,12 +1,22 @@ # # override-a3 [.txt] # -# This file contains Autonomous Systems (AS) or IP networks/addresses -# which are - in fact or with a high level of confidence - believed -# to be worldwide anycast instances (special country codes: A3). +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable +# confidence - for worldwide anycast services. # -# It does not make sense to assign them to a certain country, they -# will be flagged as "A3" in the database. +# While their country code set is preserved in libloc - unless utterly bogus -, it does not +# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast" +# in libloc query results. +# +# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them. +# This violates ISO 3166, and might be changed to a different country code inside a reserved +# range in the future. +# +# Improvement suggestions are appreciated, please submit them as patches to the location mailing +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact +# for further information. +# +# Please keep this file sorted. # aut-num: AS69 diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 045b515..d232fc6 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -1,14 +1,24 @@ # -# override-other [.txt] +# override-a3 [.txt] # -# This file contains Autonomous Systems (AS) or IP networks/addresses -# whose country information in corresponding RIR data is believed or proven -# to be invalid or inaccurate and which do not match to one of the special categories -# A[1-3]. +# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate, +# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions, +# while the majority covers country code assignments. # -# Such networks might be legitimate (poorly maintained WHOIS data), shady -# (networks owned by letterbox companies in offshore jurisdictions) or -# hostile (faked RIR data in order to bypass location-based filtering). +# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments +# therefore pose a security threat to these users, especially if being set intentionally to circumvent such +# filters. +# +# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate +# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields +# in RIR databases were never clarified in this conext. +# +# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a +# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world. +# +# Improvement suggestions are appreciated, please submit them as patches to the location mailing +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact +# for further information. # # Please keep this file sorted. #