[PATCH 1/2] overrides: regular batch of various overrides

[PATCH 1/2] overrides: regular batch of various overrides

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 6902 bytes --]

This includes sane AS names for some Autonomous Systems whose operators
did not set helpful ones in the corresponding RIR DB.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 overrides/override-a2.txt    |  9 +++--
 overrides/override-a3.txt    |  6 ++++
 overrides/override-other.txt | 66 +++++++++++++++++++++++++++++++++---
 3 files changed, 73 insertions(+), 8 deletions(-)

diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
index 4aac6ea..502948f 100644
--- a/overrides/override-a2.txt
+++ b/overrides/override-a2.txt
@@ -420,18 +420,21 @@ is-satellite-provider:	yes
 
 aut-num:				AS198381
 descr:					YahClick / Star Satellite Communications Company - PJSC
-remarks:				Satellite Internet provider
+remarks:				Satellite Internet provider, RIR data indicates prefixes are hosted in ES
 is-satellite-provider:	yes
+country:				ES
 
 aut-num:				AS198394
 descr:					YahClick / Star Satellite Communications Company - PJSC
-remarks:				Satellite Internet provider
+remarks:				Satellite Internet provider, RIR data indicates prefixes are hosted in GR
 is-satellite-provider:	yes
+country:				GR
 
 aut-num:				AS198504
 descr:					YahClick / Star Satellite Communications Company - PJSC
-remarks:				Satellite Internet provider
+remarks:				Satellite Internet provider, RIR data indicates prefixes are hosted in LU
 is-satellite-provider:	yes
+country:				LU
 
 aut-num:				AS201554
 descr:					SES Germany GmbH
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index 3c38b69..d810d93 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -177,6 +177,12 @@ descr:		Hybula B.V.
 remarks:	Generic anycast network
 is-anycast:	yes
 
+aut-num:	AS57724
+descr:		DDOS-GUARD LTD
+remarks:	shady CDN, customers massively tampers with RIR data, we cannot trust this network
+is-anycast:	yes
+country:	RU
+
 aut-num:	AS57926
 descr:		SafeDNS, Inc.
 remarks:	Public anycast DNS resolver network [high confidence, but not proofed]
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 454d1d5..045b515 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -13,6 +13,18 @@
 # Please keep this file sorted.
 #
 
+aut-num:	AS1739
+as-name:	Tampere University of Technology
+remarks:	has no sane AS name set in RIPE DB
+
+aut-num:	AS1768
+as-name:	NCNIC
+remarks:	has no sane AS name set in APNIC DB
+
+aut-num:	AS1769
+as-name:	NCNIC
+remarks:	has no sane AS name set in APNIC DB
+
 aut-num:	AS1820
 descr:		WNET TELECOM USA Corp.
 remarks:	traces back to various locations in UA, seems to tamper with RIR data
@@ -28,6 +40,22 @@ descr:		Dimension Data
 remarks:	ISP (?) located in ZA, but some RIR data for announced prefixes contain garbage
 country:	ZA
 
+aut-num:	AS4134
+as-name:	Chinanet Backbone
+remarks:	has no sane AS name set in APNIC DB
+
+aut-num:	AS4754
+as-name:	Software Technology Park of India
+remarks:	has no sane AS name set in APNIC DB
+
+aut-num:	AS4800
+as-name:	Indonesia Network Information Center
+remarks:	has no sane AS name set in APNIC DB
+
+aut-num:	AS4814
+as-name:	China169 Beijing Broadband Network
+remarks:	has no sane AS name set in APNIC DB
+
 aut-num:	AS4842
 descr:		Tianhai InfoTech
 remarks:	IP hijacker located somewhere in AP, massively tampers with RIR data
@@ -38,6 +66,10 @@ descr:		XNNET LLC
 remarks:	traces back to an unknown oversea location (HK?), seems to tamper with RIR data
 country:	AP
 
+aut-num:	AS6412
+as-name:	Zajil International Telecom Company
+remarks:	has no sane AS name set in RIPE DB
+
 aut-num:	AS7203
 descr:		Leaseweb USA, Inc.
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -68,6 +100,10 @@ descr:		ASLINE LIMITED
 remarks:	IP hijacker, traces back to AP region
 country:	AP
 
+aut-num:	AS18185
+as-name:	Northern Taiwan Community University
+remarks:	has no sane AS name set in APNIC DB
+
 aut-num:	AS18254
 descr:		KLAYER LLC
 remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
@@ -128,6 +164,11 @@ descr:		Leaseweb USA, Inc.
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage (BZ)
 country:	US
 
+aut-num:	AS30823
+descr:		combahton GmbH
+remarks:	ISP located in DE, but some RIR data for announced prefixes contain garbage
+country:	DE
+
 aut-num:	AS34224
 descr:		Neterra Ltd.
 remarks:	ISP located in BG, but some RIR data for announced prefixes contain garbage
@@ -168,6 +209,11 @@ descr:		Silverstar Invest Limited
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS37155
+descr:		NetOne Telecomunicacoes (defunct)
+remarks:	spamming bogon located in or near Luanda, AO - formerly allocated to NetOne Telecomunicacoes
+country:	AO
+
 aut-num:	AS38197
 descr:		Sun Network (Hong Kong) Limited
 remarks:	ISP located in HK (duh!), but some RIR data for announced prefixes contain garbage
@@ -268,6 +314,11 @@ descr:		IP Oleinichenko Denis
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS44592
+descr:		Skylink Data Center BV
+remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
+country:	NL
+
 aut-num:	AS44992
 descr:		KeonWoo PARK
 remarks:	claims US for its prefixes announced, but traces back to KR
@@ -318,6 +369,11 @@ descr:		Selectel
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS49612
+descr:		DDoS Guard Ltd. / Cognitive Cloud LLP
+remarks:	another shady customer or branch of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
+country:	EU
+
 aut-num:	AS49921
 descr:		F.I.H. FORMULA INVESTMENT HOUSE CLEARING LIMITED
 remarks:	claims GR for announced prefixes, but traceroutes dead-end somewhere else in EU
@@ -388,11 +444,6 @@ descr:		FiberXpress BV
 remarks:	bulletproof ISP (related to AS202425) located in NL
 country:	NL
 
-aut-num:	AS57724
-descr:		DDOS-GUARD LTD
-remarks:	shady ISP, customers massively tamper with RIR data, we cannot trust this network
-country:	RU
-
 aut-num:	AS57756
 descr:		Telefonica LLC
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -643,6 +694,11 @@ descr:		Wujidun Network Limited
 remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
 country:	AP
 
+aut-num:	AS140941
+descr:		Full Time Hosting
+remarks:	ISP located in DE, tampers with RIR data
+country:	DE
+
 aut-num:	AS196682
 descr:		FLP Kochenov Aleksej Vladislavovich
 remarks:	ISP located in UA, but RIR data for announced prefixes all say EU
-- 
2.26.2

[PATCH 2/2] overrides: clarify file contents and policies

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 7720 bytes --]

This patch updates the disclaimer blocks at the beginning of the
override-*.txt files, to be more accurate and helpful to people wishing
to propose changes to them.

In addition, a remark regarding the A[1-3] country codes has been added.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 overrides/override-a1.txt    | 26 ++++++++++++++++----------
 overrides/override-a2.txt    | 20 ++++++++++++++------
 overrides/override-a3.txt    | 20 +++++++++++++++-----
 overrides/override-other.txt | 26 ++++++++++++++++++--------
 4 files changed, 63 insertions(+), 29 deletions(-)

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 284c3e8..77d5b08 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -1,19 +1,25 @@
 #
 # override-a1 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/adresses
-# which are - in fact or with a high level of confidence - anonymous
-# proxies (special country code: A1).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for publicly available services for forwarding traffic anonymously, such as
+# VPN providers.
 #
-# Since it does not make sense to assign them to a county, they
-# will be flagged as "A1" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# actually make sense to assign these to a distinct country. Therefore, they will be flagged
+# as "anonymous proxies" in libloc query results.
 #
-# Although we do not consider them to be bad entirely, they might
-# be unwanted in certain scenarios.
+# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
 #
-# Please note only long-living Tor relay providers with static IPs
-# are listed here, as the list of all Tor relays will be dynamically
-# generated by another script.
+# At the moment, major Tor exit relay providers are included here as well. They will be dropped
+# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit
+# relays is imported dynamically while compiling the database.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
index 502948f..223b4df 100644
--- a/overrides/override-a2.txt
+++ b/overrides/override-a2.txt
@@ -1,13 +1,21 @@
 #
 # override-a2 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# which are - in fact or with a high level of confidence - belonging
-# to satellite network providers (special country code: A2).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for customers or dial-in pools of satellite-based internet services.
 #
-# Since a satellite uplink connection is possible from almost
-# anywhere in the world, it does not make sense to assign them to a
-# specific country. They will be flagged as "A2" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# actually make sense to assign these to a distinct country, since a satellite connection is
+# possible from virtually any place in the world. Therefore, they will be flagged as "satellite
+# providers" in libloc query results.
+#
+# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index d810d93..b07d4b8 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -1,12 +1,22 @@
 #
 # override-a3 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# which are - in fact or with a high level of confidence - believed
-# to be worldwide anycast instances (special country codes: A3).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for worldwide anycast services.
 #
-# It does not make sense to assign them to a certain country, they
-# will be flagged as "A3" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast"
+# in libloc query results.
+#
+# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
+#
+# Please keep this file sorted.
 #
 
 aut-num:	AS69
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 045b515..d232fc6 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -1,14 +1,24 @@
 #
-# override-other [.txt]
+# override-a3 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# whose country information in corresponding RIR data is believed or proven
-# to be invalid or inaccurate and which do not match to one of the special categories
-# A[1-3].
+# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate,
+# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions,
+# while the majority covers country code assignments.
 #
-# Such networks might be legitimate (poorly maintained WHOIS data), shady
-# (networks owned by letterbox companies in offshore jurisdictions) or
-# hostile (faked RIR data in order to bypass location-based filtering).
+# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments
+# therefore pose a security threat to these users, especially if being set intentionally to circumvent such
+# filters.
+#
+# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate
+# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields
+# in RIR databases were never clarified in this conext.
+#
+# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a
+# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
-- 
2.26.2

Re: [PATCH 2/2] overrides: clarify file contents and policies

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 8141 bytes --]

Hello,

This doesn’t seem to apply :(

-Michael

> On 6 Aug 2021, at 17:07, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> This patch updates the disclaimer blocks at the beginning of the
> override-*.txt files, to be more accurate and helpful to people wishing
> to propose changes to them.
> 
> In addition, a remark regarding the A[1-3] country codes has been added.
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> overrides/override-a1.txt    | 26 ++++++++++++++++----------
> overrides/override-a2.txt    | 20 ++++++++++++++------
> overrides/override-a3.txt    | 20 +++++++++++++++-----
> overrides/override-other.txt | 26 ++++++++++++++++++--------
> 4 files changed, 63 insertions(+), 29 deletions(-)
> 
> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
> index 284c3e8..77d5b08 100644
> --- a/overrides/override-a1.txt
> +++ b/overrides/override-a1.txt
> @@ -1,19 +1,25 @@
> #
> # override-a1 [.txt]
> #
> -# This file contains Autonomous Systems (AS) or IP networks/adresses
> -# which are - in fact or with a high level of confidence - anonymous
> -# proxies (special country code: A1).
> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
> +# confidence - for publicly available services for forwarding traffic anonymously, such as
> +# VPN providers.
> #
> -# Since it does not make sense to assign them to a county, they
> -# will be flagged as "A1" in the database.
> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
> +# actually make sense to assign these to a distinct country. Therefore, they will be flagged
> +# as "anonymous proxies" in libloc query results.
> #
> -# Although we do not consider them to be bad entirely, they might
> -# be unwanted in certain scenarios.
> +# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them.
> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
> +# range in the future.
> #
> -# Please note only long-living Tor relay providers with static IPs
> -# are listed here, as the list of all Tor relays will be dynamically
> -# generated by another script.
> +# At the moment, major Tor exit relay providers are included here as well. They will be dropped
> +# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit
> +# relays is imported dynamically while compiling the database.
> +#
> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
> +# for further information.
> #
> # Please keep this file sorted.
> #
> diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
> index 502948f..223b4df 100644
> --- a/overrides/override-a2.txt
> +++ b/overrides/override-a2.txt
> @@ -1,13 +1,21 @@
> #
> # override-a2 [.txt]
> #
> -# This file contains Autonomous Systems (AS) or IP networks/addresses
> -# which are - in fact or with a high level of confidence - belonging
> -# to satellite network providers (special country code: A2).
> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
> +# confidence - for customers or dial-in pools of satellite-based internet services.
> #
> -# Since a satellite uplink connection is possible from almost
> -# anywhere in the world, it does not make sense to assign them to a
> -# specific country. They will be flagged as "A2" in the database.
> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
> +# actually make sense to assign these to a distinct country, since a satellite connection is
> +# possible from virtually any place in the world. Therefore, they will be flagged as "satellite
> +# providers" in libloc query results.
> +#
> +# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them.
> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
> +# range in the future.
> +#
> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
> +# for further information.
> #
> # Please keep this file sorted.
> #
> diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
> index d810d93..b07d4b8 100644
> --- a/overrides/override-a3.txt
> +++ b/overrides/override-a3.txt
> @@ -1,12 +1,22 @@
> #
> # override-a3 [.txt]
> #
> -# This file contains Autonomous Systems (AS) or IP networks/addresses
> -# which are - in fact or with a high level of confidence - believed
> -# to be worldwide anycast instances (special country codes: A3).
> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
> +# confidence - for worldwide anycast services.
> #
> -# It does not make sense to assign them to a certain country, they
> -# will be flagged as "A3" in the database.
> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
> +# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast"
> +# in libloc query results.
> +#
> +# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them.
> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
> +# range in the future.
> +#
> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
> +# for further information.
> +#
> +# Please keep this file sorted.
> #
> 
> aut-num:	AS69
> diff --git a/overrides/override-other.txt b/overrides/override-other.txt
> index 045b515..d232fc6 100644
> --- a/overrides/override-other.txt
> +++ b/overrides/override-other.txt
> @@ -1,14 +1,24 @@
> #
> -# override-other [.txt]
> +# override-a3 [.txt]
> #
> -# This file contains Autonomous Systems (AS) or IP networks/addresses
> -# whose country information in corresponding RIR data is believed or proven
> -# to be invalid or inaccurate and which do not match to one of the special categories
> -# A[1-3].
> +# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate,
> +# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions,
> +# while the majority covers country code assignments.
> #
> -# Such networks might be legitimate (poorly maintained WHOIS data), shady
> -# (networks owned by letterbox companies in offshore jurisdictions) or
> -# hostile (faked RIR data in order to bypass location-based filtering).
> +# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments
> +# therefore pose a security threat to these users, especially if being set intentionally to circumvent such
> +# filters.
> +#
> +# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate
> +# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields
> +# in RIR databases were never clarified in this conext.
> +#
> +# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a
> +# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world.
> +#
> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
> +# for further information.
> #
> # Please keep this file sorted.
> #
> -- 
> 2.26.2

Re: [PATCH 2/2] overrides: clarify file contents and policies

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 8644 bytes --]

Hello Michael,

I really hate to say so, but it does on my machine.

Since I spotted a couple of other networks in need of an override the other day (and apparently
flubbed up the AS names additions :-/ ), I will hand in a second patchset later on.

Sorry for the inconvenience.

Thanks, and best regards,
Peter Müller


> Hello,
> 
> This doesn’t seem to apply :(
> 
> -Michael
> 
>> On 6 Aug 2021, at 17:07, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> This patch updates the disclaimer blocks at the beginning of the
>> override-*.txt files, to be more accurate and helpful to people wishing
>> to propose changes to them.
>>
>> In addition, a remark regarding the A[1-3] country codes has been added.
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> ---
>> overrides/override-a1.txt    | 26 ++++++++++++++++----------
>> overrides/override-a2.txt    | 20 ++++++++++++++------
>> overrides/override-a3.txt    | 20 +++++++++++++++-----
>> overrides/override-other.txt | 26 ++++++++++++++++++--------
>> 4 files changed, 63 insertions(+), 29 deletions(-)
>>
>> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
>> index 284c3e8..77d5b08 100644
>> --- a/overrides/override-a1.txt
>> +++ b/overrides/override-a1.txt
>> @@ -1,19 +1,25 @@
>> #
>> # override-a1 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/adresses
>> -# which are - in fact or with a high level of confidence - anonymous
>> -# proxies (special country code: A1).
>> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
>> +# confidence - for publicly available services for forwarding traffic anonymously, such as
>> +# VPN providers.
>> #
>> -# Since it does not make sense to assign them to a county, they
>> -# will be flagged as "A1" in the database.
>> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
>> +# actually make sense to assign these to a distinct country. Therefore, they will be flagged
>> +# as "anonymous proxies" in libloc query results.
>> #
>> -# Although we do not consider them to be bad entirely, they might
>> -# be unwanted in certain scenarios.
>> +# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them.
>> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
>> +# range in the future.
>> #
>> -# Please note only long-living Tor relay providers with static IPs
>> -# are listed here, as the list of all Tor relays will be dynamically
>> -# generated by another script.
>> +# At the moment, major Tor exit relay providers are included here as well. They will be dropped
>> +# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit
>> +# relays is imported dynamically while compiling the database.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> #
>> # Please keep this file sorted.
>> #
>> diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
>> index 502948f..223b4df 100644
>> --- a/overrides/override-a2.txt
>> +++ b/overrides/override-a2.txt
>> @@ -1,13 +1,21 @@
>> #
>> # override-a2 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/addresses
>> -# which are - in fact or with a high level of confidence - belonging
>> -# to satellite network providers (special country code: A2).
>> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
>> +# confidence - for customers or dial-in pools of satellite-based internet services.
>> #
>> -# Since a satellite uplink connection is possible from almost
>> -# anywhere in the world, it does not make sense to assign them to a
>> -# specific country. They will be flagged as "A2" in the database.
>> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
>> +# actually make sense to assign these to a distinct country, since a satellite connection is
>> +# possible from virtually any place in the world. Therefore, they will be flagged as "satellite
>> +# providers" in libloc query results.
>> +#
>> +# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them.
>> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
>> +# range in the future.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> #
>> # Please keep this file sorted.
>> #
>> diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
>> index d810d93..b07d4b8 100644
>> --- a/overrides/override-a3.txt
>> +++ b/overrides/override-a3.txt
>> @@ -1,12 +1,22 @@
>> #
>> # override-a3 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/addresses
>> -# which are - in fact or with a high level of confidence - believed
>> -# to be worldwide anycast instances (special country codes: A3).
>> +# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
>> +# confidence - for worldwide anycast services.
>> #
>> -# It does not make sense to assign them to a certain country, they
>> -# will be flagged as "A3" in the database.
>> +# While their country code set is preserved in libloc - unless utterly bogus -, it does not
>> +# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast"
>> +# in libloc query results.
>> +#
>> +# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them.
>> +# This violates ISO 3166, and might be changed to a different country code inside a reserved
>> +# range in the future.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> +#
>> +# Please keep this file sorted.
>> #
>>
>> aut-num:	AS69
>> diff --git a/overrides/override-other.txt b/overrides/override-other.txt
>> index 045b515..d232fc6 100644
>> --- a/overrides/override-other.txt
>> +++ b/overrides/override-other.txt
>> @@ -1,14 +1,24 @@
>> #
>> -# override-other [.txt]
>> +# override-a3 [.txt]
>> #
>> -# This file contains Autonomous Systems (AS) or IP networks/addresses
>> -# whose country information in corresponding RIR data is believed or proven
>> -# to be invalid or inaccurate and which do not match to one of the special categories
>> -# A[1-3].
>> +# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate,
>> +# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions,
>> +# while the majority covers country code assignments.
>> #
>> -# Such networks might be legitimate (poorly maintained WHOIS data), shady
>> -# (networks owned by letterbox companies in offshore jurisdictions) or
>> -# hostile (faked RIR data in order to bypass location-based filtering).
>> +# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments
>> +# therefore pose a security threat to these users, especially if being set intentionally to circumvent such
>> +# filters.
>> +#
>> +# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate
>> +# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields
>> +# in RIR databases were never clarified in this conext.
>> +#
>> +# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a
>> +# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world.
>> +#
>> +# Improvement suggestions are appreciated, please submit them as patches to the location mailing
>> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
>> +# for further information.
>> #
>> # Please keep this file sorted.
>> #
>> -- 
>> 2.26.2
>