From patchwork Fri Aug 17 01:12:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 1888 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id 1019261A78 for ; Thu, 16 Aug 2018 17:12:46 +0200 (CEST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id D80F110F83DD; Thu, 16 Aug 2018 16:12:45 +0100 (BST) Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx-nbg.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4362C10F83DD for ; Thu, 16 Aug 2018 16:12:44 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803; t=1534432367; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references; bh=OhB4zFey1d+a13T07G1mbm9ED1P/EEvctosBqpJazRI=; b=ygAKuHnxxgdS0hzwkH5nT6AZTETF16mpoUGxzK/HvXQ2yQAY00u/R8dotkfrhlXcDRd07f B/BsyBp5U9Bb714iSqaBlUPC8BznTjiIy8AsOZgGvmc9SaGIAsvUv9MkAAElSNAUyf6kKz Wtubp19zoBb3NUkjKPed2cK71oCmyRBGoZs1MSu/1wqUUP1/pqSSUcDLzcOcvkUUIs3Jbn V4QAQftue5+UXPpTfKzLVfW82XkF3AT0m7JLjSAjzJT1XUg1zNMZ/QyZc5t/aXf1b7yuZU 10tRJ6xAqd9YPCp9LVforMFz5gGUStAAFAXrbHG9pJFOkd1OItldLE2jIsguuA== To: "IPFire: Location-List" From: =?utf-8?q?Peter_M=C3=BCller?= Openpgp: preference=signencrypt Autocrypt: addr=peter.mueller@link38.eu; prefer-encrypt=mutual; keydata= xsFNBFrlh/UBEADDNM0LnM9+1NhjgfIz7Ww9Hlx6egK75TJoVa/S9gjI+3DeXn7hsj7vZnQz qSXMhSauU7k4g+F+MmOJP2HRIl0lEo/JNrpAqrAseSnbJp4eq8OTyAL6+Z3SVNJNbcRDOHmw jb/GR8ncURcgYDYV+oCs4csrghtBnm4cWaD/RW10zlB4nQsqQ5G3jzY9aIM+NKRHSAZEbXBZ W6pyDcGRMkwSFTHXpjtFDZ6mVEMxi1nv2W8PMU+uGbs3ud4gzPZ0tT5ICR8bp71qpua4r4RQ o6rB/suiPOptOE5/rk8FiW3ho0y1xDu7bRx8UzdLS9cYCVeSvf9n9YZ6RGOH9O7dS23zfTkS 8iqYol1PmVZrNtpsWBCq4HzFtRJPs6gykFNfj2sVQXU3RHHf2ui0OKm3R0olhLVbKSw2qSPM ajP1vBuVLEMSJmucxlJQ72Im/afnOz3LlNt+/FOB0zneoKGvPpPGSP/Fr5FJYED6/l1DZl2W 8Wb76xq3HGfETHW9kwwqbbQefMu6LNQIw9CnTpSk/R9mt7AnIrKCjxfclLDfz6VBJ0grRDDF PBEVBrj7uZM0UCl/dUX0adjDxBfma/UJZcBlDVX61+41vsX6w094sveKaNdqybAIxqGnhRUq kCHm5P/IYOZrtkao/TsRIW508MJBGmxoUl2qqCj7tXtNy2tiUQARAQABzSdQZXRlciBNw7xs bGVyIDxwZXRlci5tdWVsbGVyQGxpbmszOC5ldT7CwX8EEwECACkFAlrlh/UCGyMFCQlmAYAH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDZSPIPfXufaDlVD/0elAwSohcC4T5jFtPt hZ1+jU9t46pwBhQ8ohKpo4/wAuVBg5B0FYb0gegcSicYWsNkhTtCjUhExMilLKTaJir5l+3V B/rU/WG7NgLYqmYsGlgHPXdLZAbOMU/0atONFYos1UZnRGmPfhLwRw3g5TBaKrfqaFBzRABE W0R+XuRoXy9ho+lNP5g0Sa+SxtOeBpLQxppObk5WLUqDKxrvHhStgM3PrJASKujsJiw19IUg ws0q+WezH8LPQd3Vc8DP56sl1/h8w2Xklsdxj1NEcO7OIrrKSNIRGyqgqvtmDi6dxh1suGUW Par/VhB+P+u0yVy8H1lZ4SFUsZJFPwHNFSN41USmT/uHf9Z7K1+qXm4zpyexrDQ+ojuXxnB1 y97cHYcYaCZ2Bo+deljXng1NF0I3CdIdhPfLv7FHRBoBw1xs0qJjUfTfSAZsYD0H/jl76bRx 4s8rrECqM7pMnE4aLiP4m6gKJKooH8QAQsmGRYAI8gG/BIHPHZUpZ8J2jRnj6GQ1MpEdcnLE Q0N7QMayDoPq177es7tey5vzofq3bDGW/O9yqUWiz3e7uaGSQnYoRGm2oCCTojvGt37yS0H8 v+ms2fokPNt8UDmpZoLFFPXDwVcnL/KBkPY665xchatKpBOtJ3lRnXdlyRJW1gGda9G5mGFn xLcWumkZ12YKmtixuM7BTQRa5Yf1ARAA4UCkVBvQhks9lApBxvfZ8ekWrticMooBkegL+KQT TPWQHTgdwkFzSneaRq0vFFcgKxmXA54OmT58y0tf09hUvTGK4COs5GTZKP/SYSWZM6xOQqaT 37fros/ma4iSS+IJw/eDh7bWKM5gllz0EuoewaTveGDWeucf7V36mRUPG47GsNk/PgCRsO5Y SLlpfT/3xH02aRnUmWjzHCkJ9EV388cIWaYo9kP4q9rbcl3IyHP0t78XpIIWH6+o/I0FgzwL GJBdJ0eAE3PNIRGYu8nqYlJ+TIpcIrEPitma6nZtiWAITRO2XDb/2o05tUlEbmlN6dUOqM7X Jvj/Z9KkYNgvYNbHXqXJ+j5gzcq0DR7DtDSDnd1WDrYivQMGBDnZR2YfFjBEsmeArdmDTZqY aqYhBN3iMCI9cErZgik6Niz6jrqBMK98geB04vrqZUYprh7zXgPu0A/EwTIJuZ+GGeEKwMVL pBc2NGxUb/kt8nr1JHAnSludD78EW6QVdpcgO4DhHxzhdDk/L8yE53b5UdvXwad5N4T1QS/Y kk80nByinD4vaIIHti9nOvLQJAro1p997YnVeY0wQ2x14Qw1rqeCOeKqB8PxmHvSK6b+nXLg Dv7HuFLovIeQd/IimGLXBDW4Bkn60HApJ5KcX+GwHp5XqPRKPmtjfMsETZn1ESjyc3sAEQEA AcLBZQQYAQIADwUCWuWH9QIbDAUJCWYBgAAKCRDZSPIPfXufaBRaEACMS5Q1BY/O5o+Vn8lD uMUczEVk/8j07gi1EV2ffutwZ5eYrKvXkuoMPEBb7SWqPUKqpTbw1pNjUf5002c2xm2r/OSZ oQMRWDztht+EMhjy0qkixMV+TvS6DcFPb8sd+KOoIBD08EBVUxpeNhAFxaRjGEDboJUwtDAd EDUJts5HnXvBqEcnkOfkwDSUWf9epa1mbyO1sO5NnMtxQY6paB2UGQPNE5/J3eo4f5s4wrxR AaM6OCCOtJxs4u0svmOCwd0D8LQ6higBq+EFesc57ZpG3pkNokrROFWRpx6OpQJUnYi5lWm8 +4xF99QfI9mHIz+jrnPcsfAiKdXb8QkeaDkR7bIU269wwKupfN6bHsKFtOnx7AhMLUddzTHA hTe8cov/tnn5xPvSZhpfknOBx+mffNQBsCETuCxPMqtDN5xFuwBxw4ZKZpKYFk/FUl6As1z4 LY2tNXb/JI58fGiLreunuvxsEkb97hmly1e19IPOTJzawB/aKRQNpIkoE11UBhKyc+kwIfVo ZCTlp+3hpBFqxEjRReSQUKKb9hA4yP3j90Fb353JbNKf9+Y3UtFPJb67koDOGtbJsk19bzPE zO0j/ek+eXxTIf5NxURVuzY6yvg57ZzW7T/tApT/LLfMEmuYz/LiijgON0uTOSp8KflwAt8m eNtEia+FigGVqn+PSQ== Subject: [PATCH v2] add networks with faked KP location Message-ID: <422ae16f-379b-7860-f9e2-3a9e79e837fa@link38.eu> Date: Thu, 16 Aug 2018 17:12:42 +0200 MIME-Version: 1.0 Content-Language: de-DE Authentication-Results: mail01.ipfire.org; dkim=pass header.d=link38.eu; dmarc=pass (policy=none) header.from=link38.eu; spf=pass smtp.mailfrom=peter.mueller@link38.eu X-Spamd-Result: default: False [-9.54 / 11.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[link38.eu]; BAYES_HAM(-3.00)[100.00%]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:37.120.167.53]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[link38.eu:+]; RCVD_IN_DNSWL_MED(-2.00)[53.167.120.37.list.dnswl.org : 127.0.6.2]; DMARC_POLICY_ALLOW(-0.25)[link38.eu,none]; MX_GOOD(-0.01)[cached: mx-nbg.link38.eu]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-3.78)[ip: (-9.91), ipnet: 37.120.160.0/19(-4.96), asn: 197540(-3.96), country: DE(-0.09)]; ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-Spam-Status: No, score=-9.54 X-Rspamd-Server: mail01.i.ipfire.org X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" These networks claim to be located in North Korea, but are mostly used for VPN or other anonymisation purposes. Therefore they are added to A1 or "others" override files. See https://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-north-koreas-internet/ for details. 57.73.224.0/19 was reassigned since then and contains valid data now, causing it to be omitted. The second version of this patch superseds the first one which was broken due to bugs in the MUAs GPG implementation. Fixes #11757. Signed-off-by: Peter Müller --- country-overrides/override-a1.txt | 25 +++++++++++++++++++++++++ country-overrides/override-other.txt | 5 +++++ 2 files changed, 30 insertions(+) diff --git a/country-overrides/override-a1.txt b/country-overrides/override-a1.txt index bae4ee9..0e94eee 100644 --- a/country-overrides/override-a1.txt +++ b/country-overrides/override-a1.txt @@ -116,6 +116,16 @@ descr: Privax LTD remarks: VPN provider newcountry: A1 +net: 5.62.56.160/30 +descr: Privax LTD/AVAST s.r.o. +remarks: VPN provider, fake location (KP) +newcountry: A1 + +net: 5.62.61.64/30 +descr: Privax LTD/AVAST s.r.o. +remarks: VPN provider, fake location (KP) +newcountry: A1 + net: 5.249.160.0/24 descr: VPNTunnel remarks: VPN provider @@ -226,6 +236,11 @@ descr: GZ Systems Limited/PureVPN remarks: VPN provider newcountry: A1 +net: 45.42.151.0/24 +descr: Manpo ISP/OppoBox LLC/Roya Hosting +remarks: VPN provider [high confidence, but not proofed], fake location (KP) +newcountry: A1 + net: 46.243.136.0/24 descr: GZ Systems Limited/PureVPN remarks: VPN provider @@ -626,6 +641,11 @@ descr: Secure Internet LLC remarks: VPN provider [high confidence, same contact person as for GZ Systems Ltd., but not proofed] newcountry: A1 +net: 172.97.82.128/25 +descr: Fiber Galaxy/Manpo ISP +remarks: VPN provider [high confidence, but not proofed], fake location (KP) +newcountry: A1 + net: 173.239.207.0/24 descr: ExpressVPN remarks: VPN provider @@ -676,6 +696,11 @@ descr: Sys11 VPN Services UG (haftungsbeschraenkt) remarks: VPN provider newcountry: A1 +net: 185.56.163.144/28 +descr: Easy Networks Solutions OU/VPNFacile +remarks: VPN provider [high confidence, but not proofed], fake location (KP) +newcountry: A1 + net: 185.161.200.0/23 descr: ProtonVPN AG remarks: VPN provider diff --git a/country-overrides/override-other.txt b/country-overrides/override-other.txt index 1a83829..edb88a3 100644 --- a/country-overrides/override-other.txt +++ b/country-overrides/override-other.txt @@ -66,3 +66,8 @@ descr: IPv6 localhost address remarks: must not be added to the database newcountry: +# networks with faked location +net: 88.151.117.0/24 +descr: Golden Internet LLC +remarks: fake location (KP), WHOIS contact points to RU +newcountry: RU