From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: [PATCH] override-{a1,other}: regular batch of various overrides
Date: Thu, 19 Aug 2021 11:36:25 +0200
Message-ID: <7c5604a2-a37c-cf53-9f2b-b06f5fa0fdd1@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3339986053549270460=="
List-Id: <location.lists.ipfire.org>
--===============3339986053549270460==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
This one removes networks owned by Cloud Innovation Ltd. from the
"anonymous proxy" category, since the majority of them does not appear
to host anonymous proxies after all.
Same goes for 145.249.104.0/22; all of these are shady areas, however.
They might go into an "XD" category one day, since we do not consider
routing traffic from and to these is a good idea. At the time of
writing, there are still some technical and political (Should libloc
become an opinionated database? Where would we cut the line?) issues to
be solved.
Apart from that, this patch adds some more ASNs hijacking IPv4 space out
of Hong Kong in particular and the Asia/Pacific area in general. Given
the current situation at AfriNIC (whose IPv4 networks are most affected)
and the political environment in this area, cleaning up this dump would
be a tricky and tedious task to do.
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 15 -----
overrides/override-other.txt | 105 +++++++++++++++++++++++++++++++++++
2 files changed, 105 insertions(+), 15 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 7cd0359..b4940b2 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -573,11 +573,6 @@ descr: Express VPN International Ltd
remarks: VPN provider
is-anonymous-proxy: yes
=20
-net: 45.192.0.0/12
-descr: Cloud Innovation Ltd.
-remarks: hijacked (?) AFRINIC IP chunk owned by an offshore company, route=
d to several dirty networks worldwide, cannot tell what is going on here
-is-anonymous-proxy: yes
-
net: 45.220.72.0/22
descr: Low budget VPN service
remarks: VPN provider
@@ -1053,11 +1048,6 @@ descr: Hurricane VPN
remarks: VPN provider
is-anonymous-proxy: yes
=20
-net: 145.249.104.0/22
-descr: Liberty Services / IP Volume Inc.
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
net: 154.0.24.0/24
descr: WIFI and PROXY NET / Atlantique Telecom
remarks: VPN provider [high confidence, but not proofed]
@@ -1069,11 +1059,6 @@ remarks: VPN provider [high confidence, but not proo=
fed]
is-anonymous-proxy: yes
country: FR
=20
-net: 154.192.0.0/11
-descr: Cloud Innovation Ltd.
-remarks: hijacked AFRINIC IP chunk, owned by suspicous offshore company, s=
cattered across dirty networks worldwide - not a safe place to go
-is-anonymous-proxy: yes
-
net: 156.0.200.0/22
descr: xTom Limited
remarks: ... network operator thinks messing with countries and having an =
offshore company for it is funny :-/
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index b0ee0ca..2c7caaa 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -110,6 +110,11 @@ descr: PJSC Rostelecom
remarks: ISP located in RU, but some RIR data for announced prefixes contain=
garbage
country: RU
=20
+aut-num: AS12679
+descr: Sokolov Dmitry Nikolaevich
+remarks: ISP located in RU, but many RIR data for announced prefixes contain=
garbage
+country: RU
+
aut-num: AS12722
descr: RECONN LLC
remarks: ISP located in RU, but some RIR data for announced prefixes contain=
garbage
@@ -134,11 +139,21 @@ descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
country: AP
=20
+aut-num: AS18530
+descr: Isomedia, Inc.
+remarks: ISP located in US, but some RIR data for announced prefixes contain=
garbage
+country: US
+
aut-num: AS18779
descr: EGIHosting
remarks: ISP located in US, but some RIR data for announced prefixes contain=
garbage
country: US
=20
+aut-num: AS207711
+descr: Inteldome Corporation
+remarks: ... whose location we are unable to determine precisely, but its de=
finitely not MH :-/
+country: EU
+
aut-num: AS21100
descr: ITL LLC
remarks: ISP headquatered in BG and/or UA, physically located in NL, some RI=
R data for announced prefixes contain inaccurate data
@@ -204,6 +219,11 @@ descr: combahton GmbH
remarks: ISP located in DE, but some RIR data for announced prefixes contain=
garbage
country: DE
=20
+aut-num: AS30860
+descr: Virtual Systems LLC
+remarks: ISP located in UA, but some RIR data for announced prefixes contain=
garbage
+country: UA
+
aut-num: AS30982
descr: CAFE Informatique et telecommunications (defunct)
remarks: spamming bogon located in TG - formerly allocated to CAFE Informati=
que et telecommunications
@@ -234,6 +254,11 @@ descr: IP Interactive UG (haftungsbeschraenkt)
remarks: ISP located in BG, but RIR data for announced prefixes contain garb=
age
country: BG
=20
+aut-num: AS35196
+descr: Ihor Hosting LLC
+remarks: ISP located in RU, but some RIR data for announced prefixes contain=
garbage
+country: RU
+
aut-num: AS35251
descr: NetLab
remarks: tampers with RIR data, most probably located in HK
@@ -264,6 +289,11 @@ descr: Silverstar Invest Limited
remarks: ISP located in RU, but some RIR data for announced prefixes contain=
garbage
country: RU
=20
+aut-num: AS35913
+descr: DediPath LLC
+remarks: ISP located in US, but some RIR data for announced prefixes contain=
garbage
+country: US
+
aut-num: AS37155
descr: NetOne Telecomunicacoes (defunct)
remarks: spamming bogon located in or near Luanda, AO - formerly allocated t=
o NetOne Telecomunicacoes
@@ -579,6 +609,11 @@ descr: Vault Dweller OU
remarks: traceroutes dead-end somewhere in or near RU
country: RU
=20
+aut-num: AS59796
+descr: Stormwall s.r.o
+remarks: appears to scatter across EU at least, RIR data contain garbage, mi=
ght be an A3 candidate
+country: EU
+
aut-num: AS60144
descr: 3W Infra B.V.
remarks: ISP located in NL, but some RIR data for announced prefixes contain=
garbage
@@ -624,6 +659,11 @@ descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
=20
+aut-num: AS62079
+descr: Ibernap Management S.L.
+remarks: traces back to various locations in US
+country: US
+
aut-num: AS62355
descr: Network Dedicated SAS
remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but tr=
aces to NL
@@ -714,11 +754,21 @@ descr: Optix Pakistan (Pvt.) Limited
remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) c=
ontain garbage
country: PK
=20
+aut-num: AS136545
+descr: Blue Data Center
+remarks: IP hijacker located somewhere in AP area, tampers with RIR data
+country: AP
+
aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located somehwere in AP, suspected to be part of the "A=
sline" IP hijacking gang, tampers with RIR data
country: AP
=20
+aut-num: AS136933
+descr: Gigabitbank Global / Anchnet Asia Limited (?)
+remarks: IP hijacker located somewhere in AP area, suspected to be part of t=
he "Asline" IP hijacking gang, tampers with RIR data
+country: AP
+
aut-num: AS136988
descr: Leaseweb Australia Pty. Ltd.
remarks: ISP located in AU, some RIR data for announced prefixes contain gar=
bage
@@ -729,6 +779,11 @@ descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
=20
+aut-num: AS137523
+descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
+remarks: IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, trac=
es back to AP region
@@ -739,6 +794,11 @@ descr: MOACK.Co.LTD
remarks: ISP located in KR, some RIR data for announced prefixes contain gar=
bage
country: KR
=20
+aut-num: AS138303
+descr: Asquare International
+remarks: ... which appears to host their stuff solely in US
+country: US
+
aut-num: AS138571
descr: SUPERCLOUDS LIMITED
remarks: ISP located in HK, tampers with RIR data
@@ -759,6 +819,11 @@ descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
=20
+aut-num: AS139646
+descr: HONG KONG Megalayer Technology Co.,Limited
+remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
+country: HK
+
aut-num: AS139659
descr: LUCIDACLOUD LIMITED
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
@@ -774,6 +839,11 @@ descr: Galaxy Broadband
remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN sp=
ace, assigned to "AGIS" / Cogent - odd...
country: PK
=20
+aut-num: AS140227
+descr: Hong Kong Communications International Co., Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, trac=
es back to AP region
+country: AP
+
aut-num: AS140733
descr: Wujidun Network Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, trac=
es back to AP region
@@ -784,6 +854,11 @@ descr: Full Time Hosting
remarks: ISP located in DE, tampers with RIR data
country: DE
=20
+aut-num: AS141159
+descr: Incomparable(HK)Network Co., Limited
+remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
@@ -914,6 +989,11 @@ descr: AAEX NETWORK TECHNOLOGY LTD
remarks: IP hijacker located in HK
country: HK
=20
+aut-num: AS207461
+descr: Liquid IO
+remarks: ISP located in US, but many RIR data for announced prefixes contain=
garbage
+country: US
+
aut-num: AS207569
descr: Network Management Ltd.
remarks: traceroutes dead-end somewhere in or near RU
@@ -1004,6 +1084,11 @@ descr: Harry Dowd
remarks: ISP located in GB, but RIR data for announced prefixes contain garb=
age
country: GB
=20
+aut-num: AS212913
+descr: FOP Hornostay Mykhaylo Ivanovych
+remarks: ISP located in RU, but some RIR data are inaccurate (UA)
+country: RU
+
aut-num: AS212477
descr: RoyaleHosting B.V.
remarks: ISP located in NL, but RIR data for announced prefixes contain garb=
age
@@ -1054,6 +1139,11 @@ descr: DDOS-GUARD CORP.
remarks: fake offshore location (BZ), traces back to RU
country: RU
=20
+aut-num: AS263744
+descr: Udasha S.A.
+remarks: traceroutes dead-end somewhere near NYC, US
+country: US
+
aut-num: AS267784
descr: Flyservers S.A.
remarks: ISP located in NL, but RIR data for most announced prefixes contain=
garbage
@@ -1084,6 +1174,11 @@ descr: Leaseweb USA, Inc.
remarks: ISP located in Dallas, TX, US, but some RIR data for announced pref=
ixes contain garbage
country: US
=20
+aut-num: AS395886
+descr: KURUN CLOUD INC
+remarks: ISP and/or IP hijacker located in US, some RIR data for announced p=
refixes contain garbage
+country: US
+
aut-num: AS395954
descr: Leaseweb USA, Inc.
remarks: ISP located in US, but some RIR data for announced prefixes contain=
garbage
@@ -1204,6 +1299,11 @@ descr: Vodafone US Inc.
remarks: large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurat=
e data)
country: ES
=20
+net: 80.240.96.0/24
+descr: LLC RusTel
+remarks: fake location (RU), traces back to HK
+country: HK
+
net: 85.202.80.0/24
descr: Amarutu Technology Ltd. / KoDDoS / ESecurity
remarks: fake offshore location (BZ), traces back to US
@@ -1234,6 +1334,11 @@ descr: Petersburg Internet Network Ltd.
remarks: RIR data for suballocations contain garbage, they are all located i=
n RU
country: RU
=20
+net: 92.223.90.0/24
+descr: G-Core Labs S.A.
+remarks: fake location (CY), traces back to HK
+country: HK
+
net: 95.181.152.0/21
descr: QWARTA LLC
remarks: fake location (US), WHOIS contact and traceroutes point to RU
--=20
2.26.2
--===============3339986053549270460==--