Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-other.txt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/overrides/override-other.txt b/overrides/override-other.txt index dab86a0..1d8d1d1 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -1,5 +1,5 @@ # -# override-a3 [.txt] +# override-other [.txt] # # This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate, # incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions, @@ -9,13 +9,17 @@ # therefore pose a security threat to these users, especially if being set intentionally to circumvent such # filters. # -# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate +# The term "location" may refer to the actual, physical location of a network (usually hard to enumerate # beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields -# in RIR databases were never clarified in this conext. +# in RIR databases were never clarified in this context. # # When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a # network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world. # +# In case an AS or IP network is also flagged (A[1-3], XD), the necessary directives should not go into +# this file, but rather into overrides-{a[1-3],xd}.txt - overrides-other.txt should always be the last +# preference, to keep things tidy. +# # Improvement suggestions are appreciated, please submit them as patches to the location mailing # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact # for further information.
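Review bot: the paragraph added in the second hunk names the files as "overrides-{a[1-3],xd}.txt" and "overrides-other.txt", but the file being patched is overrides/override-other.txt and the first hunk sets its title to "override-other [.txt]". Suggest writing "override-{a[1-3],xd}.txt - override-other.txt" so the comment matches the names on disk and a contributor can find the files it points to.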
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-xd.txt | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 overrides/override-xd.txt
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt new file mode 100644 index 0000000..8318b49 --- /dev/null +++ b/overrides/override-xd.txt @@ -0,0 +1,27 @@ +# +# override-xd [.txt] +# +# This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile, +# posing a _technical_ threat against libloc users in general and/or IPFire users in particular. +# +# libloc neither was intended to be an "opinionated" database, nor should it become that way. Please +# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special +# flag for hostile networks. +# +# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to +# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof" +# hosting space for cybercrime infrastructure. +# +# This file should not contain short-lived threats being hosted within legitimate infrastructures, as +# libloc it neither intended nor suitable to protect against such threats in a timely manner - by default, +# clients download a new database once a week. +# +# Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed +# here. +# +# Improvement suggestions are appreciated, please submit them as patches to the location mailing +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact +# for further information. +# +# Please keep this file sorted. +#
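Review bot: the header of the new override-xd.txt never says which directive marks an entry as hostile, and "Please keep this file sorted" does not name the sort key, so a contributor reading only this file cannot write a correct entry. Suggest one comment line stating both; the later patch in this series adds its entries with "drop: yes" and orders them by AS number. Two wording fixes in the same block: "proofed" should read "proven", and "libloc it neither intended nor suitable" should read "libloc is neither intended nor suitable".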
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-other.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 1d8d1d1..6d2aa52 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -433,6 +433,11 @@ descr: Digital Energy LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU
+aut-num: AS43847 +descr: NbIServ +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS44015 descr: Landgard Management Inc. remarks: bulletproof ISP with strong links to RU @@ -488,6 +493,11 @@ descr: ADM Service Ltd. remarks: traces back to Vilnius, LT country: LT
+aut-num: AS49017 +descr: GAIJIN NETWORK LTD +remarks: fake offshore location (CY), traces back to RU +country: RU + aut-num: AS49392 descr: LLC Baxet remarks: tampers with RIR data, traces back to RU @@ -628,6 +638,11 @@ descr: YISP BV remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL
+aut-num: AS58181 +descr: ULTRANEX LTD +remarks: fake offshore location (CY), hosted in NL +country: NL + aut-num: AS58271 descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA @@ -688,6 +703,11 @@ descr: Inter Connects Inc. / Jing Yun remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks country: SE
+aut-num: AS60546 +descr: EU Routing Ltd +remarks: fake offshore location (CY), hosted in NL +country: NL + aut-num: AS60721 descr: Bursabil Teknoloji A.S. remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage @@ -908,6 +928,11 @@ descr: Galaxy Broadband remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd... country: PK
+aut-num: AS140224 +descr: White-Sand Cloud Computing(HK) Co., LIMITED +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +country: AP + aut-num: AS140227 descr: Hong Kong Communications International Co., Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
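Review bot: the three new "fake offshore location (CY)" entries describe the actual location in two different ways: AS49017 says "traces back to RU", while AS58181 and AS60546 say "hosted in NL". Suggest one phrasing for all three so the remarks stay easy to grep. If any of the five added ASes is also flagged (A[1-3], XD), the header comment added earlier in this series says its directives belong in the corresponding override file rather than in override-other.txt.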
See: https://www.nrc.nl/nieuws/2021/04/02/the-cesspool-of-the-internet-is-to-be-f...
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-other.txt | 50 ------------------------------ overrides/override-xd.txt | 60 ++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 50 deletions(-)
diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 6d2aa52..7d76534 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -478,11 +478,6 @@ descr: Spectre Operations BV remarks: ISP located in NL, but some RIR data for suballocations of announced prefixes contain garbage country: NL
-aut-num: AS48090 -descr: PPTECHNOLOGY LIMITED -remarks: bulletproof ISP (related to AS204655) located in NL -country: NL - aut-num: AS48158 descr: DigitalOne AG remarks: Services appear to be hosted in RU, RIR data faked/incorrect @@ -593,11 +588,6 @@ descr: vServer.site LTD remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage country: DE
-aut-num: AS56611 -descr: REBA Communications BV -remarks: bulletproof ISP (related to AS202425) located in NL -country: NL - aut-num: AS56851 descr: PE Skurykhin Mukola Volodumurovuch remarks: tampers with RIR data, traces back to UA @@ -608,11 +598,6 @@ descr: Hostkey B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL
-aut-num: AS57717 -descr: FiberXpress BV -remarks: bulletproof ISP (related to AS202425) located in NL -country: NL - aut-num: AS57756 descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -728,21 +713,11 @@ descr: Vivo Trade L.P. remarks: another shady customer of "DDoS Guard Ltd." country: RU
-aut-num: AS62068 -descr: SpectraIP B.V. -remarks: bulletproof ISP (linked to AS202425 et al.) located in NL -country: NL - aut-num: AS62079 descr: Ibernap Management S.L. remarks: traces back to various locations in US country: US
-aut-num: AS62355 -descr: Network Dedicated SAS -remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL -country: NL - aut-num: AS62468 descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK @@ -768,11 +743,6 @@ descr: SWISS GLOBAL SERVICES S.A.S. remarks: ... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them country: CH
-aut-num: AS64425 -descr: SKB Enterprise B.V. -remarks: bulletproof ISP (linked to AS202425 et al.) located in NL -country: NL - aut-num: AS64437 descr: NForce Entertainment BV remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL @@ -1008,21 +978,11 @@ descr: 4Media Ltd. remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data country: BG
-aut-num: AS202425 -descr: IP Volume Inc. -remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL -country: NL - aut-num: AS202492 descr: SILVERHILL GROUP HOLDING LTD / SAKIS POLUNIGIS remarks: fake offshore location (SC), traces back to RU country: RU
-aut-num: AS202769 -descr: Cooperative Investments LLC -remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL -country: NL - aut-num: AS202920 descr: DataClub S.A. remarks: another shady customer of "DDoS Guard Ltd." @@ -1053,11 +1013,6 @@ descr: Global Offshore Limited remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted country: EU
-aut-num: AS204655 -descr: Novogara Ltd. -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL - aut-num: AS205026 descr: Hauer Hosting Services Limited remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -1293,11 +1248,6 @@ descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region country: AP
-aut-num: AS328671 -descr: Datapacket Maroc SARL -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL - aut-num: AS328703 descr: Seven Network Inc. remarks: traces back to ZA diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 8318b49..7df6188 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -25,3 +25,63 @@ # # Please keep this file sorted. # + +aut-num: AS48090 +descr: PPTECHNOLOGY LIMITED +remarks: bulletproof ISP (related to AS204655) located in NL +country: NL +drop: yes + +aut-num: AS56611 +descr: REBA Communications BV +remarks: bulletproof ISP (related to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS57717 +descr: FiberXpress BV +remarks: bulletproof ISP (related to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS62068 +descr: SpectraIP B.V. +remarks: bulletproof ISP (linked to AS202425 et al.) located in NL +country: NL +drop: yes + +aut-num: AS62355 +descr: Network Dedicated SAS +remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL +country: NL +drop: yes + +aut-num: AS64425 +descr: SKB Enterprise B.V. +remarks: bulletproof ISP (linked to AS202425 et al.) located in NL +country: NL +drop: yes + +aut-num: AS202425 +descr: IP Volume Inc. +remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL +country: NL +drop: yes + +aut-num: AS202769 +descr: Cooperative Investments LLC +remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL +country: NL +drop: yes + +aut-num: AS204655 +descr: Novogara Ltd. +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes + +aut-num: AS328671 +descr: Datapacket Maroc SARL +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes
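Review bot: after this move, override-other.txt still carries entries whose remarks call them bulletproof, for example AS44015 ("bulletproof ISP with strong links to RU") and AS58271 ("bulletproof ISP operating from a war zone in eastern UA"), both visible as context in the preceding patch, while the override-xd.txt header lists "bulletproof" hosting as a technical threat. Either move those entries as well or state in the commit message why only the NL-based group around AS202425 receives "drop: yes". The moved blocks are otherwise unchanged apart from the added directive and are in ascending AS order, which matches the "keep this file sorted" request.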