DPRK reconfigures its Internet connection

Hot on the heels of a series of attacks that have seen its Internet connectivity severely disrupted, the DPRK appears to be adding an additional route through which it links to the global Internet.

The new link began appearing in Internet addressing tables on Monday and connects from Star, the country’s sole Internet service provider, to China Unicom Hong Kong’s network.

Most of the Internet traffic to and from the country already runs over a link from mainland China that is serviced by China Unicom. Almost exactly a year ago, a second connection was added via Intelsat satellite.

The new connection appears to provides a third way for traffic to reach the country, although much is unclear. It’s not immediately clear if it represents a third physical connection or it only happening on the network level, and at present there’s no way to know if it serves as an additional backup or will become an important connection.

Update time:          2013-04-08 03:21 (UTC)
Detected by #peers:   2
Detected prefix:      175.45.177.0/24
Announced by:         AS131279 (STAR-KP --  Ryugyong-dong)
Upstream AS:          AS10099 (HKUNICOM1-AP China Unicom (Hong Kong) Operations Limited)

Renesys, which specializes in analysis of Internet networking, confirmed it was also seeing a new path via China Unicom Hong Kong to North Korea.

Trace routes … from providers who have chosen this new route now send their traffic to Unicom in Hong Kong whereas previously they connected elsewhere,” said Doug Madory. A trace route is a plot of each step taken by a data packet between its source and destination.

At first, only about 3 percent of Internet providers that Renesys tracks were using the new link, he said. But as Tuesday progressed in Pyongyang, there were several changes in the route that caused it to go on and off.

130408-bgp-02

The connection links just one of the DPRK’s four blocks of Internet addresses.

The block in question isn’t the one that hosts North Korea’s handful of web servers — the ones that came under denial of service attack in the last few days. But it does host some computers, including an Internet gateway that serves as one of the ways traffic from inside North Korea gets to the rest of the Internet, according to NorthKoreaTech monitoring.

It’s still too early to say anything definitive about this, but its appearance after the denial of service attacks is interesting. We’ll likely be able to conclude more in the coming days.

3 Comments on "DPRK reconfigures its Internet connection"

  1. They must still be working on it. All the 177 addresses still appear to be down.

  2. It appears they are offshoring webservices to Unicom onsite servers.

    218.25.68.157 is the current A provider for http://uriminzokkiri.com

    • James,

      Thanks for the reply. Uriminzokkiri has always been based in China, but I’m not sure if its hosting has shifted recently. The offices for the site are also based there.

      The sites in the North Korean IP space now have two A records.

      Martyn

1 Trackbacks & Pingbacks

  1. Corrupcion y ciberwar en la red (I)

Comments are closed.

An affiliate of 38 North