This is my first post related to North Korea, it will be simple and straight to the point. In this post you will find information on North Korea’s internet IP addresses. Both their allocated addresses and assigned addresses.
For those that do not know the difference between allocated and assigned:
- Allocated: address space is distributed to members for the purpose of subsequent distribution by them. As in you “own” the range and can assign IPs to others.
- Assigned: address space is distributed to a single end-user for the purpose of actual deployment in that end-users own network. As in someone else “owns” the range and is letting you use the IP.
North Korea’s only autonomous system (AS) number is AS131279, and its only peer is AS4837, the AS for China Unicom.
Currently North Korea has one known block of 1,024 IPv4 allocated addresses:
- 188.8.131.52 – 184.108.40.206
North Korea also has a few other ranges such as the one that contains 256 China Unicom addresses.This range is what they were using before being allocated the 1024 range that I listed above.
- 220.127.116.11 – 18.104.22.168
A Russian Satellite company that goes by the name SatGate assigned a range to North Korea. This is an interesting IP range because they are registered under the European RIPE Registry as opposed to APNIC, the registry for the Asian Pacific region:
- 22.214.171.124 – 126.96.36.199
There is some other interesting information about the IP addresses from SatGate, the service is not coming from SatGate but from a company named IntelSat. If you look at SatGate’s coverage map you will notice that North Korea is outside of their service area. But if you look at IntelSat’s coverage, North Korea fits in the coverage area. Also if you check the border gateway protocol messages from your ISP when trying to reach www.kcna.kp you can see that North Korea has two links, the link from China Netcom and a second route via Intelsat. Check out IntelSat and pay close attention to “IntelSat 22”. You will notice that it has great coverage of North Korea.
That is all of the recon I have done so far on finding out information about North Korea’s internet facing servers. I do plan to do some scanning to attempt to identify some of the devices as well as monitoring some internet traffic to see what is coming and going.
If you know more information please comment and share!