Data Centre

Networks

Russian telco backs up North Korea's sole Internet link

Transtelecom can reach 256 North Korean hosts

By Richard Chirgwin

27 SHARE

North Korea's very limited Internet has, for the second time in its brief history, obtained a redundant connection to the outside world.

Dyn Research and North Korea specialists 38 North went public with the existence of the new link on October 1.

Dyn's Doug Madory and 38 North's Martyn Williams spotted route announcements from Russian carrier Transtelecom (TTK, as AS20485) that it could reach several North Korean IP ranges.

The pair speculate that given the pressure currently bearing down on the Hermit Kingdom, Norks is becoming wary of the leverage China has as its only link to the Internet, and is connecting to Russian fibre at the Friendship Bridge railway link between the two countries.

38 North's Williams notes that the US is pressuring China to “end all business with North Korea”, which would if carried out cut off that one slim link. A complete cutoff would, however, also deny the US a route by which it can attack Norks, something Williams says is happening.

There are four BGP routes in North Korea's Internet, announced as AS131279, and most of the time the country has only been reachable through China Unicom.

Dyn's post says:

“Star JV has almost exclusively relied on China Unicom for its connectivity to the global internet — the only exception was its partial usage of satellite service from Intelsat between 2012 and 2013. In light of this history, a new internet connection out of North Korea is certainly a notable development.”


Dyn plots of Norks traffic. Click to embiggen

El Reg notes that the Intelsat link either reappeared or remained in use longer than Dyn says. In 2015, Cloudmark said that Star JV (the joint venture between North Korea's telecommunications ministry and Thailand's Loxley Pacific and the sole source of Internet) was still reachable via Intelsat.

Getting the Russian link operational wasn't without teething problems, it seems. When TTK first appeared, it was advertising routes for three of the country's four routes (256 addresses each from blocks 175.45.176.0/24, 175.45.178.0/24 and 175.45.179.0/24).

That didn't last. After an hour, TTK's routes disappeared, making all four Norks routes unstable.

TTK then returned advertising all three routes, but stopped offering transit to 175.45.176.0/24 and 175.45.179.0/24. “At the time of this writing, only 175.45.178.0/24 is being transited by TTK”, the post says.

Telecommunications isn't covered by the most recent round of United Nations sanctions against North Korea.

While four /24 address blocks only gives North Korea addresses for 1,024 hosts, it's perfectly reasonable to assume those hosts are routers with NAT – so although the Internet in the country is known to be small, we still don't know exactly how small.

Also unknown is why Transtelecom put itself in the firing line by doing business with North Korea at such a sensitive time. ®

Sign up to our NewsletterGet IT in your inbox daily

27 Comments

More from The Register

FBI fingers North Korea for two malware strains

'Joanap' and 'Brambul' harvest info about your systems and send it home

First shots at South Korea could herald malware campaign of Olympic proportions

Russia, Norks and dog lovers all potential perps, say pundits

They're baaaack: Avaya outlasts Chapter 11

Debt restructuring checked off, $300 million in the kitty

US Treasury goes after IT shops for funneling cash to North Korea

Meanwhile, Norks deny Sony hacker ever existed

South Korea bans Initial Coin Offerings

Financial regulator worries about speculative investments going bad, fraud and crime

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

Don't install August update, world+dog warned

When is a patch not a patch? When it's for this McAfee password bug

Vulnerability still open to all despite multiple fixes

John McAfee plans 2020 presidential tilt

Crypto-libertarian will form his own party, but first to launch his paper-based cryptocurrency

Why is Bitcoin fscked? Here are three reasons: South Korea, India... and now China clamps down on cryptocurrencies

More like Ohsh-itcoin

Best Korea fingered for hacks against Bitcoin exchanges in South

Norks planning more raids to cover sanction losses, say intel boffins