From: "Peter Müller" <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: [PATCH] override-{a1,other}: regular batch of various overrides
Date: Thu, 19 Aug 2021 11:36:25 +0200
Message-ID: <7c5604a2-a37c-cf53-9f2b-b06f5fa0fdd1@ipfire.org>
This one removes networks owned by Cloud Innovation Ltd. from the
"anonymous proxy" category, since the majority of them does not appear
to host anonymous proxies after all.
Same goes for 145.249.104.0/22; all of these are shady areas, however.
They might go into an "XD" category one day, since we do not consider
routing traffic from and to these a good idea. At the time of
writing, there are still some technical and political (Should libloc
become an opinionated database? Where would we cut the line?) issues to
be solved.
Apart from that, this patch adds some more ASNs hijacking IPv4 space out
of Hong Kong in particular and the Asia/Pacific area in general. Given
the current situation at AfriNIC (whose IPv4 networks are most affected)
and the political environment in this area, cleaning up this dump would
be a tricky and tedious task to do.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 15 -----
overrides/override-other.txt | 105 +++++++++++++++++++++++++++++++++++
2 files changed, 105 insertions(+), 15 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 7cd0359..b4940b2 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -573,11 +573,6 @@ descr: Express VPN International Ltd
remarks: VPN provider
is-anonymous-proxy: yes
-net: 45.192.0.0/12
-descr: Cloud Innovation Ltd.
-remarks: hijacked (?) AFRINIC IP chunk owned by an offshore company, routed to several dirty networks worldwide, cannot tell what is going on here
-is-anonymous-proxy: yes
-
net: 45.220.72.0/22
descr: Low budget VPN service
remarks: VPN provider
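Review bot: deleting the whole 45.192.0.0/12 block also discards its descr and remarks, the only record that this space is a "hijacked (?) AFRINIC IP chunk ... routed to several dirty networks worldwide". The commit message says these networks are still shady and may go into an "XD" category later, so it would help to keep that finding somewhere it can be found again, for example by stating in the commit message that the prefixes are listed there for exactly this purpose, or by keeping a comment in the override file. The same applies to the 154.192.0.0/11 removal further down.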
@@ -1053,11 +1048,6 @@ descr: Hurricane VPN
remarks: VPN provider
is-anonymous-proxy: yes
-net: 145.249.104.0/22
-descr: Liberty Services / IP Volume Inc.
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
net: 154.0.24.0/24
descr: WIFI and PROXY NET / Atlantique Telecom
remarks: VPN provider [high confidence, but not proofed]
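Review bot: the removed 145.249.104.0/22 entry was tagged "VPN provider [high confidence, but not proofed]", and the commit message covers it only with "Same goes". The kept neighbour 154.0.24.0/24 carries the identical remark, so a reader cannot tell what distinguishes the two. Please state in the commit message what observation changed the assessment for this /22.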
@@ -1069,11 +1059,6 @@ remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
country: FR
-net: 154.192.0.0/11
-descr: Cloud Innovation Ltd.
-remarks: hijacked AFRINIC IP chunk, owned by suspicous offshore company, scattered across dirty networks worldwide - not a safe place to go
-is-anonymous-proxy: yes
-
net: 156.0.200.0/22
descr: xTom Limited
remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index b0ee0ca..2c7caaa 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -110,6 +110,11 @@ descr: PJSC Rostelecom
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
+aut-num: AS12679
+descr: Sokolov Dmitry Nikolaevich
+remarks: ISP located in RU, but many RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS12722
descr: RECONN LLC
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -134,11 +139,21 @@ descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
country: AP
+aut-num: AS18530
+descr: Isomedia, Inc.
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS18779
descr: EGIHosting
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS207711
+descr: Inteldome Corporation
+remarks: ... whose location we are unable to determine precisely, but its definitely not MH :-/
+country: EU
+
aut-num: AS21100
descr: ITL LLC
remarks: ISP headquatered in BG and/or UA, physically located in NL, some RIR data for announced prefixes contain inaccurate data
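Review bot: AS207711 is placed between AS18779 and AS21100, which is lexicographic rather than numeric order. The rest of the file sorts aut-num entries numerically (AS207461 and AS207569 sit in the hunk at line 989), so this block belongs after AS207569. Minor: the remark reads "its definitely not MH"; that should be "it's".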
@@ -204,6 +219,11 @@ descr: combahton GmbH
remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
country: DE
+aut-num: AS30860
+descr: Virtual Systems LLC
+remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
+country: UA
+
aut-num: AS30982
descr: CAFE Informatique et telecommunications (defunct)
remarks: spamming bogon located in TG - formerly allocated to CAFE Informatique et telecommunications
@@ -234,6 +254,11 @@ descr: IP Interactive UG (haftungsbeschraenkt)
remarks: ISP located in BG, but RIR data for announced prefixes contain garbage
country: BG
+aut-num: AS35196
+descr: Ihor Hosting LLC
+remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS35251
descr: NetLab
remarks: tampers with RIR data, most probably located in HK
@@ -264,6 +289,11 @@ descr: Silverstar Invest Limited
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
+aut-num: AS35913
+descr: DediPath LLC
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS37155
descr: NetOne Telecomunicacoes (defunct)
remarks: spamming bogon located in or near Luanda, AO - formerly allocated to NetOne Telecomunicacoes
@@ -579,6 +609,11 @@ descr: Vault Dweller OU
remarks: traceroutes dead-end somewhere in or near RU
country: RU
+aut-num: AS59796
+descr: Stormwall s.r.o
+remarks: appears to scatter across EU at least, RIR data contain garbage, might be an A3 candidate
+country: EU
+
aut-num: AS60144
descr: 3W Infra B.V.
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
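Review bot: the AS59796 remark is hedged twice ("appears to scatter across EU at least", "might be an A3 candidate"), yet the entry sets a firm country: EU. If an A3 classification is being considered, the remark should say why a country override is used for now, or name the observation the EU assignment rests on, the way neighbouring entries do ("traceroutes dead-end somewhere in or near RU").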
@@ -624,6 +659,11 @@ descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
+aut-num: AS62079
+descr: Ibernap Management S.L.
+remarks: traces back to various locations in US
+country: US
+
aut-num: AS62355
descr: Network Dedicated SAS
remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL
@@ -714,11 +754,21 @@ descr: Optix Pakistan (Pvt.) Limited
remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage
country: PK
+aut-num: AS136545
+descr: Blue Data Center
+remarks: IP hijacker located somewhere in AP area, tampers with RIR data
+country: AP
+
aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
+aut-num: AS136933
+descr: Gigabitbank Global / Anchnet Asia Limited (?)
+remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
+country: AP
+
aut-num: AS136988
descr: Leaseweb Australia Pty. Ltd.
remarks: ISP located in AU, some RIR data for announced prefixes contain garbage
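Review bot: the AS136933 descr attributes the ASN to "Anchnet Asia Limited (?)" and sets country: AP, while the existing Anchnet Asia Limited entry visible in the next hunk's context is "located in HK" with country: HK. If the attribution holds, the two entries should agree; if it does not, the "(?)" name is better moved from descr into remarks. Both new entries also say "AP area" where the surrounding entries use "AP region" or plain "AP"; picking one wording keeps the file greppable.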
@@ -729,6 +779,11 @@ descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
+aut-num: AS137523
+descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
+remarks: IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
@@ -739,6 +794,11 @@ descr: MOACK.Co.LTD
remarks: ISP located in KR, some RIR data for announced prefixes contain garbage
country: KR
+aut-num: AS138303
+descr: Asquare International
+remarks: ... which appears to host their stuff solely in US
+country: US
+
aut-num: AS138571
descr: SUPERCLOUDS LIMITED
remarks: ISP located in HK, tampers with RIR data
@@ -759,6 +819,11 @@ descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
+aut-num: AS139646
+descr: HONG KONG Megalayer Technology Co.,Limited
+remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
+country: HK
+
aut-num: AS139659
descr: LUCIDACLOUD LIMITED
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
@@ -774,6 +839,11 @@ descr: Galaxy Broadband
remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
country: PK
+aut-num: AS140227
+descr: Hong Kong Communications International Co., Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country: AP
+
aut-num: AS140733
descr: Wujidun Network Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
@@ -784,6 +854,11 @@ descr: Full Time Hosting
remarks: ISP located in DE, tampers with RIR data
country: DE
+aut-num: AS141159
+descr: Incomparable(HK)Network Co., Limited
+remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
@@ -914,6 +989,11 @@ descr: AAEX NETWORK TECHNOLOGY LTD
remarks: IP hijacker located in HK
country: HK
+aut-num: AS207461
+descr: Liquid IO
+remarks: ISP located in US, but many RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS207569
descr: Network Management Ltd.
remarks: traceroutes dead-end somewhere in or near RU
@@ -1004,6 +1084,11 @@ descr: Harry Dowd
remarks: ISP located in GB, but RIR data for announced prefixes contain garbage
country: GB
+aut-num: AS212913
+descr: FOP Hornostay Mykhaylo Ivanovych
+remarks: ISP located in RU, but some RIR data are inaccurate (UA)
+country: RU
+
aut-num: AS212477
descr: RoyaleHosting B.V.
remarks: ISP located in NL, but RIR data for announced prefixes contain garbage
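Review bot: AS212913 is inserted ahead of AS212477, so the two are out of numeric order. Move the new block below the AS212477 entry to match the sorting used elsewhere in this file.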
@@ -1054,6 +1139,11 @@ descr: DDOS-GUARD CORP.
remarks: fake offshore location (BZ), traces back to RU
country: RU
+aut-num: AS263744
+descr: Udasha S.A.
+remarks: traceroutes dead-end somewhere near NYC, US
+country: US
+
aut-num: AS267784
descr: Flyservers S.A.
remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage
@@ -1084,6 +1174,11 @@ descr: Leaseweb USA, Inc.
remarks: ISP located in Dallas, TX, US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS395886
+descr: KURUN CLOUD INC
+remarks: ISP and/or IP hijacker located in US, some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS395954
descr: Leaseweb USA, Inc.
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -1204,6 +1299,11 @@ descr: Vodafone US Inc.
remarks: large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurate data)
country: ES
+net: 80.240.96.0/24
+descr: LLC RusTel
+remarks: fake location (RU), traces back to HK
+country: HK
+
net: 85.202.80.0/24
descr: Amarutu Technology Ltd. / KoDDoS / ESecurity
remarks: fake offshore location (BZ), traces back to US
@@ -1234,6 +1334,11 @@ descr: Petersburg Internet Network Ltd.
remarks: RIR data for suballocations contain garbage, they are all located in RU
country: RU
+net: 92.223.90.0/24
+descr: G-Core Labs S.A.
+remarks: fake location (CY), traces back to HK
+country: HK
+
net: 95.181.152.0/21
descr: QWARTA LLC
remarks: fake location (US), WHOIS contact and traceroutes point to RU
--
2.26.2