| ▲ | superducktoes 19 hours ago |
| Thanks for sharing my site. Happy to answer any questions |
|
| ▲ | monerozcash 19 hours ago | parent | next [-] |
| Don't have questions, but your blog is very cool. A bit over a decade ago I used to spend a lot of time hacking North Korean web infrastructure, I mostly found that they tended to have firewalling around almost all boxes exposed to the global internet and usually had pretty impressive reaction times if you tried to access the country intranet through a compromised web server. I've always wondered how successful NSA and the likes have been at infiltrating DPRK networks, as it would inherently be fairly easy to detect any sketchy traffic from the outside. I wonder if the recent NYT story essentially confirms that difficulty. Regarding the NSA and DPRK, there's this document from 2007 least https://www.eff.org/files/2015/02/03/20150117-spiegel-fifth_... I guess I have a question after all: I'm not exactly clear on how NK treats end-user devices. Do you know if the endpoints used by NK based remote workers have internet and intranet access at the same time? If they do, such an endpoint could offer an easy and stealthy channel to access the intranet. |
| |
| ▲ | superducktoes 18 hours ago | parent | next [-] | | the end user devices are also really interesting. as far as i know they require a piece of software called netkey or oconnect as it's recently been renamed. that's for getting access inside the country and then for anyone outside they have software called hangro that is similar to a vpn for connecting back to north korea and getting messages | |
| ▲ | superducktoes 18 hours ago | parent | prev | next [-] | | thanks really appreciate that!
I've seen that doc before and it does really make me wonder. part of the leaks from the NSA tools years back had some references in there for detecting north koreas ant-virus silivaccine https://github.com/b30wulf/Malware-collection/blob/4f5906c93... There was also the hacking team leak from years ago and they were selling exploits for north korea's red star OS: https://nkinternet.wordpress.com/wp-content/uploads/2025/12/... I assume they've been on their networks in the past but i think North Korea has also done a lot over the years to secure their side. it used to be a lot easier when they left everything as an open directory and didn't realize what they were doing. | | |
| ▲ | monerozcash 18 hours ago | parent [-] | | >There was also the hacking team leak from years ago and they were selling exploits for north korea's red star OS: https://nkinternet.wordpress.com/wp-content/uploads/2025/12/... South Korean NIS was in fact a hacking team client, so it would make sense. Especially considering how terrible Red Star OS was at the time, a HT engineer could probably have whipped those up in a couple of days. https://web.archive.org/web/20180302155452/http://english.yo... >I assume they've been on their networks in the past but i think North Korea has also done a lot over the years to secure their side. it used to be a lot easier when they left everything as an open directory and didn't realize what they were doing. I'm sure they've had some success, but I'd expect it to be a really difficult environment to operate in. Even for the NSA. I suppose eventually there'll be a better leak and we'll get to find out just how well it's been going. |
| |
| ▲ | anonu 11 hours ago | parent | prev [-] | | > this document from 2007 Interesting document - confirming "everyone spies on everyone". Is this from some sort of corporate NSA chat room? | | |
| ▲ | monerozcash 11 hours ago | parent [-] | | It's like the NSA Reddit, they've got memes and up- and downvotes. Some excerpts from a seemingly unreleased Snowden leak (from Dark mirror: Edward Snowden and the American Surveillance State): > “Why is a scoop of potatoes larger than a scoop of eggs in the cafeteria?” a contributor named Michael wondered one day. Paul jumped in to play the troll. “Let me be the first to down-vote you,” Paul wrote, naming several pedantic reasons. A side debate erupted: should Michael’s post be down-voted, flagged, or removed? Clyde returned to the topic at hand with a facetious theory that scoop volume is proportional to the relative size of potatoes and eggs themselves. In that case, Scott replied, what would happen if “we served eggs that were bigger than potatoes, like of an Ostrich?” Someone proposed a uniform system, “One Spoon to scoop them all,” an homage to Lord of the Rings. Punsters demanded the “inside scoop” and lamented the waste of time on “small potatoes.” Gotta say, it's pretty disappointing that Gellman, Greenwald, Poltras et. al. have been so stingy with these documents. It's definitely starting to have been long enough for them to just dump everything. |
|
|
|
| ▲ | eqvinox 13 minutes ago | parent | prev | next [-] |
| > … 2.5 GB per second between all the provinces. What's your source for that number? Is it GBit or GByte? Are they building out OTU1? |
|
| ▲ | metadat 19 hours ago | parent | prev | next [-] |
| Impressive sleuthing! It's interesting to discover the reality that packet routing ends up following political affiliations. I didn't know North Korea only has 1,024 IPv4 addresses. Do you know why so few IPs? How did they get them? |
| |
| ▲ | toast0 18 hours ago | parent | next [-] | | > It's interesting to discover the reality that packet routing ends up following political affiliations. Certainly political affiliations have some influence, but also China and Russia have land borders with North Korea and are not at war. It's very common to run fiber optic on/under railroads and vehicle roads, so there you go. It's probably pretty hard to attract an international cable consortium to land in North Korea given everything, but terrestrial cabling is easier to start with anyway. > I didn't know North Korea only has 1,024 IPv4 addresses. Do you know why so few IPs? How did they get them? They would have asked APNIC, the Regional Internet address Registry for their region (Asia-Pacific). I can't find an assignment date, but 175/8 was assigned to APNIC in 2009. 2009 lines up with wikipedia reporting of the startup of the current ISP joint venture. | |
| ▲ | monerozcash 19 hours ago | parent | prev [-] | | DPRK can certainly get however many IP addresses they want, DPRK just doesn't have that much infrastructure that they want externally accessible. As far as I know, end-user traffic from within North Korea usually does not originate from those few IP addresses. Or at least not visibly so, they might be connecting to a proxy from a DPRK IP address. | | |
| ▲ | lukan 15 hours ago | parent [-] | | "DPRK can certainly get however many IP addresses they want" IP4 is quite limited as far as I know and not given out freely since a long time, or what do you mean here? | | |
| ▲ | protocolture 2 hours ago | parent | next [-] | | Apnic used to hand out a /22 to most members. Its now a waiting list for 2 /24s. They would probably give some priority to a nation state over yet another mdu fibre isp. | |
| ▲ | jauer 14 hours ago | parent | prev | next [-] | | IPv4 continues to be available to entities that have a need that fits a particular policy shape, just most people don't.
Specifically, you can get IPv4 /24s for IPv6 transition purposes. This includes anycast DNS, MX, etc for legacy clients on other networks, v4-side of CGNAT, etc. E.g. I was able to get a /24 in the ARIN region in 2021 and could justify 2 more for a _logical_ network topology similar to what NK presents to the world. APNIC similarly has a pool available for IPv4 allocations: https://www.apnic.net/manage-ip/ipv4-exhaustion/#the-situati... | | |
| ▲ | eqvinox 3 minutes ago | parent [-] | | IPv4 is a question of money in almost all cases at this point. You can get what you can pay for. |
| |
| ▲ | toast0 14 hours ago | parent | prev | next [-] | | APNIC has some addresses [1] and will assign up to two /24s to qualified new accounts within the region. There are also carve outs for National Internet Registries and Internet eXchange Points. [1] as of Nov 2025, approximately 3 million or a little more than 12,000 /24s https://www.apnic.net/manage-ip/ipv4-exhaustion/#how-to-tras... | |
| ▲ | monerozcash 14 hours ago | parent | prev [-] | | IPv4 is readily available and not very expensive. DPRK can just buy or lease them. |
|
|
|
|
| ▲ | apercu 17 hours ago | parent | prev | next [-] |
| What a great read. Thanks. |
|
| ▲ | NedF 15 hours ago | parent | prev [-] |
| [dead] |
