Dan Holden

North Korea Goes Offline

It was reported earlier today that North Korea was having Internet connectivity issues.

Given recent events with Sony, this sort of report is obviously far more fascinating than it normally would be. The first question when you see this type of report is whether it’s purely a connectivity issue or whether an attack is behind it. While gaining visibility into the North Korean Internet is quite difficult, we have been able to see quite a few attacks over the last few days.


1.) All targets are in this netblock:

inetnum:        175.45.176.0 - 175.45.179.255
netname:        STAR-KP
descr:          Ryugyong-dong
descr:          Potong-gang District
country:        KP
admin-c:        SJVC1-AP
tech-c:         SJVC1-AP
status:         ALLOCATED PORTABLE

2.) pDNS Data on the specific targets

175.45.176.8 – This appears to be primary DNS
175.45.176.9 – This appears to be secondary DNS
175.45.176.10 – smtp.star-co.net.kp
175.45.176.67 – naenara.com.kp
175.45.176.77 – Unknown
175.45.176.79 – www.ryongnamsan.edu.kp

3.) Port Analysis

– All attacks on the 18th, 19th and 20th target port 80
– All attacks (except for one) on the 21st