DPRK reconfigures its Internet connection
Hot on the heels of a series of attacks that have seen its Internet connectivity severely disrupted, the DPRK appears to be adding an additional route through which it links to the global Internet.
The new link began appearing in Internet addressing tables on Monday and connects from Star, the country’s sole Internet service provider, to China Unicom Hong Kong’s network.
Most of the Internet traffic to and from the country already runs over a link from mainland China that is serviced by China Unicom. Almost exactly a year ago, a second connection was added via Intelsat satellite.
The new connection appears to provides a third way for traffic to reach the country, although much is unclear. It’s not immediately clear if it represents a third physical connection or it only happening on the network level, and at present there’s no way to know if it serves as an additional backup or will become an important connection.
Update time: 2013-04-08 03:21 (UTC) Detected by #peers: 2 Detected prefix: 22.214.171.124/24 Announced by: AS131279 (STAR-KP -- Ryugyong-dong) Upstream AS: AS10099 (HKUNICOM1-AP China Unicom (Hong Kong) Operations Limited)
Renesys, which specializes in analysis of Internet networking, confirmed it was also seeing a new path via China Unicom Hong Kong to North Korea.
“Trace routes … from providers who have chosen this new route now send their traffic to Unicom in Hong Kong whereas previously they connected elsewhere,” said Doug Madory. A trace route is a plot of each step taken by a data packet between its source and destination.
At first, only about 3 percent of Internet providers that Renesys tracks were using the new link, he said. But as Tuesday progressed in Pyongyang, there were several changes in the route that caused it to go on and off.
The connection links just one of the DPRK’s four blocks of Internet addresses.
The block in question isn’t the one that hosts North Korea’s handful of web servers — the ones that came under denial of service attack in the last few days. But it does host some computers, including an Internet gateway that serves as one of the ways traffic from inside North Korea gets to the rest of the Internet, according to NorthKoreaTech monitoring.
It’s still too early to say anything definitive about this, but its appearance after the denial of service attacks is interesting. We’ll likely be able to conclude more in the coming days.
|Print article||This entry was posted by Martyn Williams on April 9, 2013 at 13:23, and is filed under Internet. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.|
about 2 years ago - 1 comment
Tuesday’s series of denial of service attacks on major North Korean websites caused delays and frustration for legitimate users but doesn’t appear to have been as large or successful as the first round of attacks in late March and early April this year. Analysis by NorthKoreaTech.org of data related to the attacks shows the so-called…
about 2 years ago - 6 comments
A cyber attack on three of South Korea’s major broadcasters and several of its major banks appears to have been caused by a relatively unsophisticated piece of software, security researchers said Wednesday. [Story updated, see below] The attacks, which began at around 2pm local time on Wednesday (5:00 UTC) left desktop and laptop computers unable…
about 2 years ago - 3 comments
An apparently sophisticated and coordinated cyber attack has caused widespread disruption to computer networks and three of South Koreas largest broadcasters and two of the country’s banks. The attack first showed itself at 2pm on Wednesday when computers at KBS, MBC and YTN shutdown. Upon restarting, the computers displayed error messages saying they were unable…
about 2 years ago - 1 comment
Last week’s Internet outage that pushed North Korean websites offline for almost two days was probably caused by a problem inside the country, not on an external connection, an Internet researcher said Monday. “The impacted equipment was within North Korea,” said Doug Madory, a senior research engineer at Renesys. On Friday, he published a detailed…
about 2 years ago - 2 comments
The Internet disruption that affected North Korea’s Internet link earlier this week lasted almost two days, an Internet monitoring company said Friday. It began just before 0100 GMT on Wednesday — that’s 10am local time — and continued for much of the next day and a half. It then took several hours for traffic levels and…
about 2 years ago - 2 comments
Just when you thought it couldn’t get any more bizarre than Dennis Rodman hugging Kim Jong Un, the operators of The Pirate Bay site claimed Monday that they are now running from the North Korean Internet. The Pirate Bay is one of the Internet’s longest surviving pirate sites. It links to Bit Torrent files of…
about 3 years ago - 4 comments
North Korea no longer relies on a single foreign telecom company to carry its Internet traffic to and from the rest of the world. Ever since Star Joint Venture launched the country’s first fully-fledged Internet connection in 2010, North Korean traffic has flowed across the country’s northern border and through an interconnection with China Netcom.…
about 4 years ago - 4 comments
Cyber attacks against South Korean organizations have been much in the headlines in recent weeks. With each attempt to crash a web server, phish for private information or infiltrate a computer in South Korea, the country’s government points its finger of blame towards North Korea, but concrete evidence is often thin on the ground. Investigators…
about 4 years ago - 2 comments
A couple of new details about Star JV, the company now responsible for North Korea’s connection to the global Internet, came to light this week. They were included in a report from the Internet Assigned Numbers Authority (IANA) about the reassignment of the country’s dot-kp domain to Star JV. The report reveals the mission of…