Dan Holden

Author Archives: Dan Holden

North Korea Goes Offline

It was reported earlier today that North Korea was having Internet connectivity issues.

Now obviously given recent events with Sony, this sort of report is far more fascinating than it normally would be. The first question when you see this type of report is whether it’s purely a connectivity issue or whether an attack is behind it. While visibility into North Korean Internet is quite difficult, we are able to see quite a few attacks over the last few days.



1.) All targets are in this netblock:

inetnum: –
netname:       STAR-KP
descr:         Ryugyong-dong
descr:         Potong-gang District
country:       KP
admin-c:       SJVC1-AP
tech-c:         SJVC1-AP
status:         ALLOCATED PORTABLE

2.) pDNS Data on the specific targets – This appears to be primary DNS – This appears to be secondary DNS – smtp.star-co.net.kp – naenara.com.kp – Unknown –  www.ryongnamsan.edu.kp

3.) Port Analysis

– All attacks on the 18th, 19th and 20th target port 80
– All attacks (except for one) on the 21st Continue reading