Hi H4zzmatt, It is difficult to estimate the cause of the disruption just using this data. Since it affected both Internet transit connections (China Unicom and Intelsat), it stands to reason the disruption was on the North Korean side. The instability of the routes suggests that those routers were affected in some way, but it is interesting that the routes mostly stayed up despite connectivity being impaired. This suggests that the router(s) announcing these routes must have stayed alive, kept their BGP sessions active and continued to announce the routes. So perhaps it was networking equipment deeper in the North Korean network which suffered the outage. Was it the result of a cyber attack? Maybe. It could also have been a power failure, equipment failure or a misconfiguration by a network admin. Thanks for the question, Doug
North Korea Suffers Outage
|Earlier this morning,
North Korea accused the United States of conducting a cyber attack that disrupted their Internet connectivity. While the details remain unknown, we can confirm that, in the last two days, North Korea’s sole Internet provider has had ongoing problems staying connected to the global Internet. We’ll summarize some of our evidence in this blog entry.
Internet in North Korea
North Korea has an extremely small Internet for a country of 24 million people. Not counting the network involved in the recent Pirate Bay hoax, the four networks of North Korea are routed by a single Internet service provider, Star JV (AS 131279), which has two international Internet service providers: China Unicom (AS 4837) and Intelsat (AS 22351). Star began service on 18 November 2010 and gained Intelsat as a provider on 8 April 2012.
We observed disruptions in North Korean Internet connectivity beginning at 00:59:30 UTC on 13 March 2013. At this time, North Korea’s four networks were very briefly removed from the global routing table (chart lower left). When the routes were restored, one of the four networks was routed over Intelsat, while the other three were routed over China Unicom. After a few hours, all networks were once again routed over China Unicom. For about two hours starting at 22:40 UTC on 13 March, all four networks disappeared for a second time from the global routing table. Later on 14 March, we saw Intelsat again appear as a provider for one of the networks for several hours.
Despite such routing instabilities, North Korean networks were generally available in the global routing table. However, when we look at our active measurements (i.e., traceroutes) into North Korea during this time, we see a significant drop-off in successful responses, suggesting a loss of connectivity not visible in routing data alone (chart lower right).
The following graphic presents another view of latencies into North Korea, constructed from recent measurements using all of our worldwide servers. This perspective helps illustrate the disruption of connectivity. Traceroutes through Intelsat appear for some North Korean hosts as they failover to satellite service.
Rest easy everyone. The Pirate Bay was unharmed in this incident.
Thats some nice raw data, it would be nice if based on your experience you could theorize as to the nature of the cause for these outages? Do you feel they are cyber attacks as DPRK says or more normal configuration issues. What do they look like to you. - H4zzmatt