Looking at North Korea’s IP Space with Shodan
With all the news about North Korea’s online capabilities being shutdown I figured I would take a quick look at their IP space with Shodan, the “hacker’s Google”.
First I pulled up North Korea’s main IP space of 126.96.36.199 – 188.8.131.52 and found about 755 returns, 234 being SIP or Voice over IP – basically some sort of voice/video device.
But what if we filter the search to just look for regular servers?
8 results! You read that right, just eight! Most of them run some sort of CentOS Linux version with Apache. Looking at the rest of their IP space I found the following:
- net:184.108.40.206/24 server turned up 2 more.
- net:220.127.116.11/24 server turned up 8.
- And finally net:18.104.22.168/24 server returned with 2.
So according to these searches with Shodan, N. Korea has around 20 servers active. Not a massive internet presence by any stretch of the imagination.