From patchwork Fri Dec 3 11:28:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4893 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4J59YK6fQmz3wt5 for ; Fri, 3 Dec 2021 11:28:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4J59YK1jhSz2MN; Fri, 3 Dec 2021 11:28:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4J59YJ4MXsz2xbS; Fri, 3 Dec 2021 11:28:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4J59YJ0Lcmz2xXY for ; Fri, 3 Dec 2021 11:28:04 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4J59YH2fZtzdl for ; Fri, 3 Dec 2021 11:28:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1638530883; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ma1qSwzbU3NQDGZE9+E3fkze7HeyQ8Wa3ACpDlahwzk=; b=YuLnGMYmqL/a1O4zssGVKclU6T9j/+9ljetmHq4Kgik1A/l5CazIRw5+F0vfwnaIPA3NSH f30Veb/ZBy2VKxaqa3wcnLbY2KHbSWcStXKbtIFfZoArrZR7X+SFcl2hC7/LsQd2XIjKSl T8eThV3ocTMoNhdVQMv66DXKW7NoshiygunwWysHFNht0Al9B0hci3pdrXb3neO7r90rVK XTta5FCz6/caFyHir6dG9e16Qp6wyXse6Ni78UYEOuMc7AFrlxyGnmu0rPeMDwVppcK6ZX aDJzzbOqDqVHZgeQrOYUmIpsMixSwX6RVONAHjrTV3kx61L1yYHz/NoYbwxfoQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1638530883; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ma1qSwzbU3NQDGZE9+E3fkze7HeyQ8Wa3ACpDlahwzk=; b=1feiX/juAmDTPm67aNTH1YFr6TU6RVvZF2uFmKIW24gvhtF+bNPoz4AeM0P/zL4vCYmLFu Amt20Q4tUtkVBcCg== To: "IPFire: Location" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/4] override-other: Clarify file description and fix typos Message-ID: <3541e51b-9697-1058-9997-c72e2e9bdd5b@ipfire.org> Date: Fri, 3 Dec 2021 12:28:00 +0100 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Signed-off-by: Peter Müller --- overrides/override-other.txt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/overrides/override-other.txt b/overrides/override-other.txt index dab86a0..1d8d1d1 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -1,5 +1,5 @@ # -# override-a3 [.txt] +# override-other [.txt] # # This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate, # incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions, @@ -9,13 +9,17 @@ # therefore pose a security threat to these users, especially if being set intentionally to circumvent such # filters. # -# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate +# The term "location" may refer to the actual, physical location of a network (usually hard to enumerate # beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields -# in RIR databases were never clarified in this conext. +# in RIR databases were never clarified in this context. # # When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a # network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world. # +# In case an AS or IP network is also flagged (A[1-3], XD), the necessary directives should not go into +# this file, but rather into overrides-{a[1-3],xd}.txt - overrides-other.txt should always be the last +# preference, to keep things tidy. +# # Improvement suggestions are appreciated, please submit them as patches to the location mailing # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact # for further information. From patchwork Fri Dec 3 11:28:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4894 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4J59Yg6kCyz3wt5 for ; Fri, 3 Dec 2021 11:28:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4J59Yg562Fzdl; Fri, 3 Dec 2021 11:28:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4J59Yg4kksz2xbS; Fri, 3 Dec 2021 11:28:23 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4J59Yg0lcbz2xR4 for ; Fri, 3 Dec 2021 11:28:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4J59Yf36G2zdl for ; Fri, 3 Dec 2021 11:28:22 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1638530902; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9TJUVih1zql7ObxZn8gR+3TJ2VK8NnryFjlbimMzRe8=; b=GiOAdp1r1vPesXudD+9rFRDD6iHm/gbUL3KEyWkUY1uwLA2J1L/u5nnBk+Pc8GxC6ebgv1 4FuTx3Yu8aZpkaBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1638530902; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9TJUVih1zql7ObxZn8gR+3TJ2VK8NnryFjlbimMzRe8=; b=vZ1aOzivF8axF6pvti28aHgYXWT//E/Y7EPcM8dlvwKyvtMeGs3Z8Ve4L/P97dJ2soVhkZ c9VuqnaeSDab2f97pSQ/uVbzyHsxDtch6sfqOaycNTIP54qQw+JdqRDrfqJ+2+bKTWT/6s 3HApHHSN8sVyLJT0QTsP8koxDup7JcHrLh+C0KIzZhgDi4B7Ds4wSspYAb3R2l2oJymjx6 snntkwZdogmYC+JrAXQGGv0Lcv+Qp1NPhnsfZ94PzALYTpmQg1h0s+m6q2KweixjkQqKRM G6cTw0iGOGvSJeUNzcz4WE3OqKjl7czbUVhWJUSTUQXLMl8yPrIK+7x9uwdIYw== Subject: [PATCH 2/4] override-xd: Initial commit To: location@lists.ipfire.org References: <3541e51b-9697-1058-9997-c72e2e9bdd5b@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Fri, 3 Dec 2021 12:28:21 +0100 MIME-Version: 1.0 In-Reply-To: <3541e51b-9697-1058-9997-c72e2e9bdd5b@ipfire.org> Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Signed-off-by: Peter Müller --- overrides/override-xd.txt | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 overrides/override-xd.txt diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt new file mode 100644 index 0000000..8318b49 --- /dev/null +++ b/overrides/override-xd.txt @@ -0,0 +1,27 @@ +# +# override-xd [.txt] +# +# This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile, +# posing a _technical_ threat against libloc users in general and/or IPFire users in particular. +# +# libloc neither was intended to be an "opinionated" database, nor should it become that way. Please +# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special +# flag for hostile networks. +# +# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to +# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof" +# hosting space for cybercrime infrastructure. +# +# This file should not contain short-lived threats being hosted within legitimate infrastructures, as +# libloc it neither intended nor suitable to protect against such threats in a timely manner - by default, +# clients download a new database once a week. +# +# Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed +# here. +# +# Improvement suggestions are appreciated, please submit them as patches to the location mailing +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact +# for further information. +# +# Please keep this file sorted. +# From patchwork Fri Dec 3 11:28:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4895 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4J59Z20D3rz3wt5 for ; Fri, 3 Dec 2021 11:28:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4J59Z15VCsznC; Fri, 3 Dec 2021 11:28:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4J59Z156l5z2xbS; Fri, 3 Dec 2021 11:28:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4J59Z06Bjmz2xR4 for ; Fri, 3 Dec 2021 11:28:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4J59Z00zyVznC for ; Fri, 3 Dec 2021 11:28:39 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1638530920; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qRgApqYRLCGWZCYxLKbkwFHiK7O3CuSntoGF4Fd33mI=; b=irc+nmIWs0cq+L15+Wyp+ACV6enRIDRN7ZezxDY8ElhicK89bKCbeLqtu63Tma86pb34M6 1oAbi75WIW4YpBCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1638530920; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qRgApqYRLCGWZCYxLKbkwFHiK7O3CuSntoGF4Fd33mI=; b=a/83Kmk/1GP3CMraWLV/72Rd88aezsCEaA1IncH/mYctPaOdIogs8M7XfmIrz0XEQC2zmN Z/M8uJtgQ146uojlSbEGXlCouQOuzLFToTtoDFgRwIBHbXEqVZ5RrwWQB2++Ws4sh1lJ+m P9SmqLNNGBfsdaIj/FLFbtnCWbbY40HAh7I9yKT4y1NOagM51OTSrV/Uv9I1nWN1djtueI msKCtmEa4ysERRLOQbQJRWhEgOBk/h3Ja3IHohdgh3rszD3TIFCxYXWCZXkGUrdKUZ8men uxVEIGy4ZJgYZ1g65Sl1Rc0JuTKnOHUSxTA1AVepSdC7XHDJzXyWz8IIiOIjcg== Subject: [PATCH 3/4] override-other: Regular batch of various overrides To: location@lists.ipfire.org References: <3541e51b-9697-1058-9997-c72e2e9bdd5b@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <1f24cd07-ba48-640b-6c7f-5d859ab61efc@ipfire.org> Date: Fri, 3 Dec 2021 12:28:38 +0100 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Signed-off-by: Peter Müller --- overrides/override-other.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 1d8d1d1..6d2aa52 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -433,6 +433,11 @@ descr: Digital Energy LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS43847 +descr: NbIServ +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS44015 descr: Landgard Management Inc. remarks: bulletproof ISP with strong links to RU @@ -488,6 +493,11 @@ descr: ADM Service Ltd. remarks: traces back to Vilnius, LT country: LT +aut-num: AS49017 +descr: GAIJIN NETWORK LTD +remarks: fake offshore location (CY), traces back to RU +country: RU + aut-num: AS49392 descr: LLC Baxet remarks: tampers with RIR data, traces back to RU @@ -628,6 +638,11 @@ descr: YISP BV remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL +aut-num: AS58181 +descr: ULTRANEX LTD +remarks: fake offshore location (CY), hosted in NL +country: NL + aut-num: AS58271 descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA @@ -688,6 +703,11 @@ descr: Inter Connects Inc. / Jing Yun remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks country: SE +aut-num: AS60546 +descr: EU Routing Ltd +remarks: fake offshore location (CY), hosted in NL +country: NL + aut-num: AS60721 descr: Bursabil Teknoloji A.S. remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage @@ -908,6 +928,11 @@ descr: Galaxy Broadband remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd... country: PK +aut-num: AS140224 +descr: White-Sand Cloud Computing(HK) Co., LIMITED +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +country: AP + aut-num: AS140227 descr: Hong Kong Communications International Co., Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region From patchwork Fri Dec 3 11:28:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4896 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4J59ZQ10LBz3wt5 for ; Fri, 3 Dec 2021 11:29:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4J59ZP5xGSznC; Fri, 3 Dec 2021 11:29:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4J59ZP5ZjZz2xbS; Fri, 3 Dec 2021 11:29:01 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4J59ZP0vXzz2xR4 for ; Fri, 3 Dec 2021 11:29:01 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4J59ZN2vJ5znC for ; Fri, 3 Dec 2021 11:29:00 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1638530940; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/5ScynHTVeZONMPiTvLcPKoAkGi7u4j7qCOfZtWQjAE=; b=q3lE1O9L3KAtqGt6++viUF35qXDB2DF8LEC4I7NQMC603gV3bCmeZbBz/d2GGfj0PmNZMm PtdHiVNm7HmQrvBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1638530940; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/5ScynHTVeZONMPiTvLcPKoAkGi7u4j7qCOfZtWQjAE=; b=KKFXkV/wKcF2+v8tLnqFIinWUqSQq+TuLRo8tJRwUwyYBYbtpzeloaw3WRI4ixOOxZJ2FB iyekVsQLgCAcbiE1OOGQ1ux6gRH4i8LXE6XMK2BJjby/86vINXGhh1MsOIAFNk8o+2qbzK x+D+7OGYM7GxgIcV7zsjfwPabitWRTgp2xUn4RkY8Hx7OGdYWqvKP0xzyUepL8Ao+Q7F4U 7LFljq0KNMbbfj0My+ZlRNUrpsTWTkiSyrRWD/MKkCpwbhQZWYeXjx5vO1127XvSAuyGUt KSf1YQJRpYIrimvoEGZYZ2IrGdS+mxlR5G40WYDdKs1bVHkps6YOlhRTOoCLAw== Subject: [PATCH 4/4] overrides-xd: Add ASNs of Dutch bulletproof ISP conglomerate "Ecatel" To: location@lists.ipfire.org References: <3541e51b-9697-1058-9997-c72e2e9bdd5b@ipfire.org> <1f24cd07-ba48-640b-6c7f-5d859ab61efc@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <5fed06f8-2fa1-9ad2-cef8-ea97a3fee1bc@ipfire.org> Date: Fri, 3 Dec 2021 12:28:59 +0100 MIME-Version: 1.0 In-Reply-To: <1f24cd07-ba48-640b-6c7f-5d859ab61efc@ipfire.org> Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" See: https://www.nrc.nl/nieuws/2021/04/02/the-cesspool-of-the-internet-is-to-be-found-in-a-village-in-north-holland-a4038369 Signed-off-by: Peter Müller --- overrides/override-other.txt | 50 ------------------------------ overrides/override-xd.txt | 60 ++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 50 deletions(-) diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 6d2aa52..7d76534 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -478,11 +478,6 @@ descr: Spectre Operations BV remarks: ISP located in NL, but some RIR data for suballocations of announced prefixes contain garbage country: NL -aut-num: AS48090 -descr: PPTECHNOLOGY LIMITED -remarks: bulletproof ISP (related to AS204655) located in NL -country: NL - aut-num: AS48158 descr: DigitalOne AG remarks: Services appear to be hosted in RU, RIR data faked/incorrect @@ -593,11 +588,6 @@ descr: vServer.site LTD remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage country: DE -aut-num: AS56611 -descr: REBA Communications BV -remarks: bulletproof ISP (related to AS202425) located in NL -country: NL - aut-num: AS56851 descr: PE Skurykhin Mukola Volodumurovuch remarks: tampers with RIR data, traces back to UA @@ -608,11 +598,6 @@ descr: Hostkey B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL -aut-num: AS57717 -descr: FiberXpress BV -remarks: bulletproof ISP (related to AS202425) located in NL -country: NL - aut-num: AS57756 descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -728,21 +713,11 @@ descr: Vivo Trade L.P. remarks: another shady customer of "DDoS Guard Ltd." country: RU -aut-num: AS62068 -descr: SpectraIP B.V. -remarks: bulletproof ISP (linked to AS202425 et al.) located in NL -country: NL - aut-num: AS62079 descr: Ibernap Management S.L. remarks: traces back to various locations in US country: US -aut-num: AS62355 -descr: Network Dedicated SAS -remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL -country: NL - aut-num: AS62468 descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK @@ -768,11 +743,6 @@ descr: SWISS GLOBAL SERVICES S.A.S. remarks: ... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them country: CH -aut-num: AS64425 -descr: SKB Enterprise B.V. -remarks: bulletproof ISP (linked to AS202425 et al.) located in NL -country: NL - aut-num: AS64437 descr: NForce Entertainment BV remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL @@ -1008,21 +978,11 @@ descr: 4Media Ltd. remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data country: BG -aut-num: AS202425 -descr: IP Volume Inc. -remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL -country: NL - aut-num: AS202492 descr: SILVERHILL GROUP HOLDING LTD / SAKIS POLUNIGIS remarks: fake offshore location (SC), traces back to RU country: RU -aut-num: AS202769 -descr: Cooperative Investments LLC -remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL -country: NL - aut-num: AS202920 descr: DataClub S.A. remarks: another shady customer of "DDoS Guard Ltd." @@ -1053,11 +1013,6 @@ descr: Global Offshore Limited remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted country: EU -aut-num: AS204655 -descr: Novogara Ltd. -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL - aut-num: AS205026 descr: Hauer Hosting Services Limited remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -1293,11 +1248,6 @@ descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region country: AP -aut-num: AS328671 -descr: Datapacket Maroc SARL -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL - aut-num: AS328703 descr: Seven Network Inc. remarks: traces back to ZA diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 8318b49..7df6188 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -25,3 +25,63 @@ # # Please keep this file sorted. # + +aut-num: AS48090 +descr: PPTECHNOLOGY LIMITED +remarks: bulletproof ISP (related to AS204655) located in NL +country: NL +drop: yes + +aut-num: AS56611 +descr: REBA Communications BV +remarks: bulletproof ISP (related to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS57717 +descr: FiberXpress BV +remarks: bulletproof ISP (related to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS62068 +descr: SpectraIP B.V. +remarks: bulletproof ISP (linked to AS202425 et al.) located in NL +country: NL +drop: yes + +aut-num: AS62355 +descr: Network Dedicated SAS +remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL +country: NL +drop: yes + +aut-num: AS64425 +descr: SKB Enterprise B.V. +remarks: bulletproof ISP (linked to AS202425 et al.) located in NL +country: NL +drop: yes + +aut-num: AS202425 +descr: IP Volume Inc. +remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL +country: NL +drop: yes + +aut-num: AS202769 +descr: Cooperative Investments LLC +remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL +country: NL +drop: yes + +aut-num: AS204655 +descr: Novogara Ltd. +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS328671 +descr: Datapacket Maroc SARL +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes