r4yan.com


Scanning North Korean internet

I’ve started getting curious about the North Korean internet, and by doing some research I’ve found out that they have only very few IP addresses

currently they have four IPv4 subnets named “Ryugyong-dong”, which are 175.45.176.0/24, 175.45.177.0/24, 175.45.178.0/24 and 175.45.179.0/24, and by putting them all together we can see that their entire subnet is 175.45.176.0/22, which contains 1,024 IPs in total

doing my research I’ve found that other people have also scanned the entire North Korean network, but all the scans were very old and outdated, so I wanted to make a repo that contained a lot of different daily scans of their network from different sides of the world, to see if their network blocks traffic from specific countries

most of the scans I did are under the 10,000 ports, because if I scanned all the 65,535 ports the scan would take too long, and from some test scans I found out that they don’t have many open high ports

and then I bought some cheap VPSes and started scanning from different locations around the world, with cron jobs that automatically published the scans into the GitHub repository, scanning day and night for months

with all the data collected I started doing some research and making graphs

as you can see most of their open ports are HTTP and SSL, but for some reason most of these webservers don’t load or respond, so I thought maybe they only allow certain traffic to see the pages or whatever

the same thing can be seen here, but another interesting thing is their RedStarOS, which is basically their own OS and is used relatively a lot judging from these scans

they also use FTP, SMB and other protocols for file sharing a lot, which was actually interesting

while surfing some scans I also came across some Apple devices being used, like here

Nmap scan report for 175.45.176.69
Host is up (0.29s latency).
Not shown: 2999 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.2.15 ((RedStar4.0))
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: media device|general purpose|specialized
Running: Apple Apple TV 5.X, Apple Mac OS X 10.7.X, Crestron 2-Series
OS CPE: cpe:/a:apple:apple_tv:5.2.1 cpe:/a:apple:apple_tv:5.3 cpe:/o:apple:mac_os_x:10.7.4 cpe:/o:crestron:2_series
OS details: Apple TV 5.2.1 or 5.3, Apple Mac OS X 10.7.4 (Lion) (Darwin 11.4.2), Crestron XPanel control system
Uptime guess: 17.123 days (since Sun Sep  5 22:15:43 2021)

which made me think how, even if they hate the majority of the world, they still use and rely on their software/hardware
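The report quoted above carries Nmap's own warning that the OS guess may be unreliable, next to a RedStar banner on port 80. As an added example (not code from this post or its repository), the Python below parses reports in that normal-output format, tallies open services across hosts, and keeps track of which OS guesses came with the warning; the second host in the sample (192.0.2.10, a documentation address) is constructed, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the first host is trimmed from the report quoted in the
# post; the second (192.0.2.10) is made up to exercise the tally.
SAMPLE = """\
Nmap scan report for 175.45.176.69
Host is up (0.29s latency).
Not shown: 2999 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.2.15 ((RedStar4.0))
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Running: Apple Apple TV 5.X, Apple Mac OS X 10.7.X, Crestron 2-Series
Nmap scan report for 192.0.2.10
PORT    STATE  SERVICE VERSION
21/tcp  open   ftp     vsftpd
22/tcp  closed ssh
443/tcp open   https   nginx
Running: Linux 3.X
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_reports(text):
    """Split Nmap normal output into one dict per scanned host."""
    hosts, cur = [], None
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Handles both "for 1.2.3.4" and "for name (1.2.3.4)".
            cur = {"host": line.split()[-1].strip("()"), "ports": [], "os": None, "os_reliable": True}
            hosts.append(cur)
        elif cur is None:
            continue  # preamble before the first host
        elif (m := PORT_RE.match(line)):
            port, proto, state, service, version = m.groups()
            cur["ports"].append({"port": int(port), "proto": proto, "state": state, "service": service, "version": version.strip()})
        elif line.startswith("Warning: OSScan results may be unreliable"):
            cur["os_reliable"] = False  # Nmap lacked 1 open + 1 closed port
        elif line.startswith("Running"):  # also matches "Running (JUST GUESSING):"
            cur["os"] = line.split(":", 1)[1].strip()
    return hosts

def open_service_counts(hosts):
    """Count open ports per service name across all hosts."""
    return Counter(p["service"] for h in hosts for p in h["ports"] if p["state"] == "open")

def banner_hosts(hosts, needle):
    """Hosts with a version banner containing needle (case-insensitive)."""
    return [h["host"] for h in hosts if any(needle.lower() in p["version"].lower() for p in h["ports"])]
```

For the sample, `parse_reports(SAMPLE)` marks the Apple guess for 175.45.176.69 with `os_reliable` set to `False`, while `banner_hosts(hosts, "redstar")` still lists that host from its Apache banner.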

GitHub repository: https://github.com/R4yGM/NorthKoreaScans