North Korea’s Internet Presence

The Boston Globe reports that North Korea is entirely offline.

Two quotes struck me. The first:

The country officially has 1,024 Internet protocol addresses, although the actual number may be somewhat higher. By comparison, the United States has billions of addresses.

That’s… Quite few. A lot of tiny hosting companies have more substantial netblocks.

CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.

“Withdrawn” was interesting terminology to me, making me think that their routers had withdrawn their routes from the Internet / stopped advertising them. That could be caused by an attack, but the prefixes disappearing from the global routing table is slightly more extreme than their routers simply failing to pass traffic. So I wondered: what network(s) does North Korea have, and what happened to them? Let’s find out!

North Korea’s Address Space

This is a great page, listing the known networks assigned to North Korea. (It also contains an interesting scan of their IP space, albeit from a while ago.) According to that site, there are three netblocks:

  • 175.45.176.0/22 (the block of 1024 IPs the article mentions), owned by North Korea
  • 210.52.109.0/24 from China Unicom (not China Unicorn as my eyes read every time)
  • 77.94.35.0/24 from a satellite provider

The first is the official one that they control, and the other two are delegated from other carriers’ IP space.

175.45.176.0/22 is “toast”

To borrow the term from the CloudFlare quote, their main netblock is “toast.” Taking a look at various looking glasses, the network doesn’t exist in the global routing table:

  • Cogent’s looking glass: “% Network not in table”
  • HE: “None of the BGP4 routes match the display condition”
  • nLayer GTT “No route found.”

The other two networks are still in the routing table, but that’s unsurprising since they’re managed by other ISPs. North Korea’s main netblock has disappeared from the Internet routing tables entirely.

.kp is offline

The .kp TLD has two nameservers, and they’re both in the vanished 175.45.176.0/22 block:

;; QUESTION SECTION:
;kp.                IN  NS

;; AUTHORITY SECTION:
kp.         172800  IN  NS  ns2.kptc.kp.
kp.         172800  IN  NS  ns1.kptc.kp.

;; ADDITIONAL SECTION:
ns1.kptc.kp.        172800  IN  A   175.45.176.15
ns2.kptc.kp.        172800  IN  A   175.45.176.16

(As an aside, I had a hard time hosting my own DNS for a .com domain because I was supposed to have two nameservers on separate /24s. Here is a TLD that doesn’t meet that requirement.)

So, other than anything already cached, nothing in .kp can possibly resolve right now.

North Korean websites

As an aside, here is a list of every .kp domain I can find in existence:

  • airkoryo.com.kp (The website of state airline, Air Koryo)
  • friend.com.kp (The website of the Committee for Cultural Relations with Foreign Countries)
  • kcna.kp (The website of the Korean Central News Agency)
  • knic.com.kp
  • koredufund.org.kp
  • korelcfund.org.kp
  • korfilm.com.kp (The website of the Pyongyang Film Festival)
  • ksf.com.kp
  • naenara.com.kp (The official North Korean governmental portal, Naenara)
  • rodong.rep.kp (The website of the Rodong Sinmun newspaper)
  • vok.rep.kp (The website of shortwave station Voice of Korea)

Descriptions, where present, come from the .kp Wikipedia page. My list comes from Wikipedia and a private crawler. (They’re not linked because none of them could resolve right now.)

This site has another list.

2 thoughts on “North Korea’s Internet Presence

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax