Inside North Korea's Naenara Browser

msm1267 (2804139) writes with this excerpt from Threatpost:

Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness. The Naenara browser is part of the Red Star operating system used in North Korea and it's a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.
"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space. You heard me; they're treating their entire country like some small to medium business might treat their corporate office," Hansen wrote in a blog post detailing his findings. "The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists."
The future of the internet, really (Score:4, Funny)
IPv6 will never take off, so in the end we'll be bridging national internets just like this one.
Re: (Score:1)
This. In an ironic twist, this just means that NK is ahead of rather than behind the times.
NAT is evil. But people are stupid. Therefore NAT continues to be used. The Kim thanatocracy is especially evil, therefore treats the whole country as if behind a NAT firewall. Which also happens to block most things to most people.
At least it doesn't use other people's IP addresses.
Re: (Score:2)
Ironically, things like this could accelerate the move to IPv6, since countries w/ computing needs larger than 17m can't use this solution.
But if they were doing it this way, why couldn't they just get UNIXWARE, and then put the entire country on an IPX network? That way, they'd have enough addresses for everyone, while being completely incompatible w/ the rest of the world, which would make the Pyongyang regime happy. I'm sure SCO would have been happy to get its debts settled by selling off UNIXWARE t
Re: (Score:2)
Precisely!!! It would take forever to scan a /64.
Not just that, in IPv6, an interface has several addresses, not just one. A link-local address, a site-unique address, and maybe several global unicast addresses. It's up to an organization to decide who needs to have external internet connectivity. So the entire network could be on fd00:db8:fab:cab::/64, and the few people in the organization that must have external internet connectivity can be assigned single global unicast addresses using DHCPv6.
Re: (Score:2)
yea maybe it is a ton better that way, but no one can understand it. It would have been that much simpler if the protocol and addresses stayed the same but you went from four decimal numbers to six, i.e. an IP that looks like 252.167.24.8.112
It's the first time I just heard of "link local address", though I can sort of work up what that means, and also first time I learn that one NIC has multiple addresses though I read so much stuff about ipv6 mainly on slashdot.
IPv6's multiple addresses (Score:3)
Even if your idea had been done, it would have grown from 32 bits to 36. But that aside, even if it had grown from 32 bits to 33, you'd still have a completely incompatible protocol, even if they preserved NAT and everything else already there in IPv4, since your IPv4 header would have changed. Which would have required all networking gear worldwide to be redone.
The 128 bit representation - if you want, you could have represented an address of 2001:db8:fab:cad::1 in decimals as 8193.3512.4011.3245.0.0.0
Re: (Score:2)
Thanks (though, it is a 48 bit address I was proposing here).
I now somehow understand why an interface on a desktop has a fe80: address even though there's nothing ipv6 compatible to talk to it. I suppose one useful use case is between a VM guest and its host.
Really, the concept of a 192.168.0.x was useful to a Joe Blow I believe. Had a home network in the early 00s with one modem (first dialup, then ethernet DSL modem which you would use from one PC by faking dialup), no DHCP. Knowledge of 192.168.x.x IP w
Re: (Score:2)
IPv6 will never take off.
According to Google, it is [google.com]. Slowly, admittedly, but about 5% of Google users now have IPv6.
Re: (Score:2)
AFAIK all four of the major wireless providers support IPv6 (just tested and confirmed on my t-mobile galaxy note 4, and saw it working on a verizon phone earlier, meanwhile AT&T and Sprint say they support it.) The only way you wouldn't be using it at this point is if your phone doesn't support it, or you're on a small carrier that doesn't (though I would assume all MVNOs support it.)
However, strangely enough it seems that my phone defaults to using the V4 stack when hitting google specifically (typing
Re: (Score:2)
I assume that's for the US, which seems ahead of the game despite having plenty of v4 addresses.
Here in the UK, none of the major ISPs have deployed v6 at all, and I don't think any of the mobile companies have either. I suppose they're just risk averse, as dealing with support calls for unexpected problems isn't cheap and their margins aren't huge.
Re: (Score:2)
They shouldn't have any support issues to deal with when deploying IPv6. If end user hardware doesn't support it or isn't configured properly, then they will be completely unaware of and unaffected by its existence. That would only change when IPv4 becomes deprecated (my personal prediction is 2030.)
Now if the end users explicitly need IPv6, then they might have support issues to deal with (i.e. telling them how to configure it) but usually the only ones that would need to do that (at least, until IPv4 is d
Re: (Score:2)
That should be true in theory, but the IPv6 hardware & software is nowhere near as well tested as the IPv4 equivalent, both in terms of home equipment and in the ISPs own networks. How often does this kind of thing work perfectly first time? And the staff don't have the same experience with it to fix problems when they do occur. Anything new is a risk, and since hardly any home customers are demanding IPv6 it might seem like it's a risk not worth taking until made absolutely necessary by v4 exhaustion.
T
Re: (Score:2)
That should be true in theory, but the IPv6 hardware & software is nowhere near as well tested as the IPv4 equivalent, both in terms of home equipment and in the ISPs own networks.
It's true in fact. If the device doesn't support the v6 stack, then it just flat out ignores it; it may as well not even be there. After it gets passed to the CPE device at layer 2, the layer 3 doesn't know what to do with it, so it's simply discarded as if it were a corrupt IP datagram. Likewise it can't cause any trouble.
Re: (Score:2)
If end user hardware doesn't support it or isn't configured properly, then they will be completely unaware of and unaffected by its existence.
End user hardware generally does support it though - any vaguely modern computer, smartphone or tablet should automatically pick up and use an IPv6 address if available. So if the ISPs start supplying v6 it's essential that it works reliably, because the users' devices will try and use it. Broken v6 does affect connectivity, even if v4 still works fine. And even if the fault is with the users own equipment, you can bet they'll be complaining to the ISP.
Second post because I realised my first one doesn't dir
Re: (Score:2)
End user hardware generally does support it though - any vaguely modern computer, smartphone or tablet should automatically pick up and use an IPv6 address if available.
Typically it never reaches that point. The CPE router either doesn't support it or isn't configured for it. That means the rest of the CPE network doesn't either.
Broken v6 does affect connectivity, even if v4 still works fine.
Incorrect. The v6 stack does path MTU discovery prior to creating a socket. If that fails, then as per IETF spec, the packet will try to fail over to v4. You can test this for yourself; IPv6 devices that have the stack enabled and functioning out of the box still autoconfigure a link local IPv6 address as part of NDP (DHCP is mostly deprecated in I
Wow (Score:5, Funny)
I didn't think it was possible to make the Internet Explorer and Windows XP I'm forced to use at work seem like a privilege. Congrats, North Korea. You pulled it off.
In Soviet Korea (Score:5, Funny)
Neener Neener browser? (Score:2)
Or maybe the Internet doesn't browse at all.
Re: (Score:2)
you're not getting it: corporations are already bigger than most governments, and no government whatsoever can function without them anymore.
What happened on (Score:1)
1976.1.11?
Re: (Score:2)
http://www.historyorb.com/date... [historyorb.com]
or if you switch day and month: http://www.historyorb.com/date... [historyorb.com]
This is horrible (Score:5, Funny)
This means that North Korea is VIOLATING RFC 1918! Forget all that other stuff, this must be stopped by any means necessary!
Re:This is horrible (Score:5, Insightful)
Well, they ARE using it for a private network....of sorts.
Re: (Score:3)
Well, they ARE using it for a private network....of sorts.
You can say that again! [twitter.com]
Re: (Score:3)
Why did I need your permission, exactly?
Correct me if I'm wrong... (Score:2)
In other words, the U.S. government could make attackers coming from inside the DPRK a non-issue through a (relatively cheap for a national government) DDOS service?
Re: (Score:2)
Which seems like exactly what someone did. http://www.cnbc.com/id/1022920... [cnbc.com]
Re:Correct me if I'm wrong... (Score:5, Interesting)
People obsess over this idea that North Koreans must be hacking from within North Korea, and that there's no way they could realistically do it because their connection bandwidth is so puny. They forget that North Korean government is really an organized criminal syndicate with a huge military and slave labor base. They likely have vast criminal connections. All they have to do is hire sympathetic South Korean hackers on the condition that they do their work under the North Korean banner. When all is said and done, the North Koreans come out looking like bad asses you don't want to mess with, when in reality they just farmed the work out using basic email, a courier, and a satellite phone.
We could break their internet access forever, with a never ending DDOS, and it wouldn't matter one bit.
Re: (Score:2)
They forget that North Korean government is really an organized criminal syndicate with a huge military and slave labor base.
And Kim and pals work hard to make sure people keep on forgetting it. These people are not stupid. They are as cunning as they are ruthless. They know they have no hope against military intervention, so the only way they can keep from being made to answer for their crimes against humanity is to craft their public image in such a way that they appear to be too silly to bother with. There is no political will to topple their murderous and brutal enterprise because when Westerners think "North Korea" they thin
Re:Correct me if I'm wrong... (Score:4, Informative)
They forget that North Korean government is really an organized criminal syndicate with a huge military and slave labor base.
And Kim and pals work hard to make sure people keep on forgetting it.
Do you personally know what Kim Jong Un has been up to? He has been in power only about 2 years and aside from propaganda photos, nobody knows really what he has being doing in that time, especially Westerners. Citizens of the DPRK don't even know how old he is. The only evidence giving a glimpse into his personal policies or beliefs is that he probably is quietly pushing reforms and experimenting with capitalism [washingtonpost.com]. He lived in Switzerland (probably) and has visited other capitalist countries. Turning a country around, especially one like North Korea, takes time. It is foolhardy to judge the man based on the almost nothing we know about him personally.
Re: (Score:2)
Or they have taken Nixon's mad man thesis to the logical endpoint...
Re: (Score:2)
that, and just because average joe citizen is forced to have a 10. address doesn't mean that there aren't other high bandwidth pipes reserved for close friends of the Dear Leader.
North Korean government is really an organized criminal syndicate with a huge military and slave labor base
that describes most governments.
That's how I'd do it (Score:4, Interesting)
If I were in charge of the network in a place like North Korea where it's heavily monitored and locked down, I'd run it like a big corporate LAN too, utilizing the 10.x.x.x block. The IP that every browser hits on load would be set up as an anycast address with nodes in datacenters near large groups of users (corporate campuses, or cities with lots of PCs in this case.)
The article also provides some good insight for those who aren't aware how malware can discreetly provide security holes... using only one encryption key, allowing for easy man-in-the-middle attacks, as in this example.
Non-reachable yet still slashdotted (Score:5, Funny)
Re:Non-reachable yet still slashdotted (Score:5, Funny)
Nothing stops you from creating your own host at 10.76.1.11. And then slashdotting the SOB
Why is this surprising? (Score:1)
Re: (Score:3, Funny)
DPRK has one network under central control, much like a large corporate entity... it's not like there is a choice of ISPs who have to link with each other!
Anyways, the DPRK internet as used by those DPRK citizens (still a very small percentage of the overall population) is completely airgapped from the public internet as we know it. Only a very very small number of elites have access to the 'real' internet...
So the DPRK is using AOL's old business model? That is EVIL!
Conclusion goes too far? (Score:4, Insightful)
Can you really generalize that all the internal network must be from the 10.0.0.0/8 block? What prevents those addresses from being used other than convention and router setup? Perhaps they are only for the internal government computers to make them completely invisible to outside networks.
Re: (Score:1)
> Can you really generalize that all the internal network must be from the 10.0.0.0/8 block?
Agreed, all this is evidence of is that they have, at minimum, a route for 10.76.1.0/24 at some point on their border routers.
There is nothing particularly "Magic" about 10.0.0.0/8 that would keep them from treating it as routable on their state owned infrastructure.
Re: (Score:2)
I'm not too familiar with how things are run in NK. But I understand that the state controls all network equipment and is successfully able to prevent its citizens from using other OSes and equipment. So the generalization is likely very accurate.
It really wouldn't even take that much work to pull this off. The hardest part would be keeping broadcast domain separation. If that IP is non-routable it means that either the entire country is on one broadcast domain or they're pulling off some relatively com
Re: (Score:2)
Most people don't reasonably expect that a broadcast on 10/8 would go to every machine - in practically eve
Re:Conclusion goes too far? (Score:5, Funny)
One of the funniest things I ever saw on a corporate network:
A manager had a bunch of machines in his office, and IT couldn't/wouldn't add any more network drops for him. So, he bought a little router. It turns out that the 192.168.* addresses it gave to his machine corresponded exactly to the ones the Exchange servers used, and something about the NAT crossed some signals.
Once they pieced together why email had stopped working, they immediately put a ban on those things, and immediately got him a switch which didn't do DHCP so he could have more networking in his office.
The whole time the developers were howling and thinking "really, that's the IP addresses they chose for critical infrastructure? The first one in the open pool?"
Everything defaults to starting at 192.168.0.1, which means if you're using it you might not like the results.
Re: (Score:2)
I've got something close to that in my past...
Years ago I worked for a managed service provider with about 100 different companies all within one managed network. Part of the consumer contracts were that companies would buy their components, but would not have the power to manage them while under the contract. Also, they could only purchase approved hardware for their infrastructure (all Cisco).
Every once in a while we would get a call that people's interwebs were going super slow, or not working. In mos
Re: (Score:2)
You sound a little like a control freak.
dd-wrt in client mode. And MAC spoofing. And fuck you ;)
Re: (Score:2)
Not really, he sounds like somebody who's realised that people will continue to flaunt the rules until there are consequences. He also sounds like he's decided that if people are going to ignore their supervisor about home routers, then you might as well fuck with them.
I do something similar in our office - we're essentially serviced offices, so underwriters bring in their own laptops. We don't block anything, apart from Bittorrent, not only because it's *my* name on our subnet whois, but also because it sp
Re: (Score:2)
Upside-down internet is a lot of fun. And you're right. I'm not a control freak. We set up security rules and guidelines for a reason. Some of these places have stringent compliance needs for HIPAA, PCI, and other regulations that strictly forbid the behavior I mentioned. So, yeah, I'm fucking with him but I'm also not getting him fired, either. It's my ass on the line and as long as I can keep the situation under control it's not a big deal.
Re: (Score:2)
I don't know ... you could try to, you know, help him achieve his goals in a better way that doesn't violate the rules. Suggest setting up an isolated intranet for wireless. If you're in charge of the network, why would you not set up WiFi to begin with; that just sucks.
It seems to me you're making yourself part of the problem, rather than the solution, by just blocking people. You do that, of course people will try to get around you. And, if that guy wants wireless enough, he'll eventually look up how
Re: (Score:2)
I didn't see a reason to go into the details of this particular situation more than that which I found humorous and nerdy. I still don't. The situation was handled very professionally, as I handle all situations. But the professional part isn't as interesting in this context to me as perhaps it is to you.
If you find yourself in a situation like this and you circumvent the rules and get away with it, bully for you. If I'm your net admin and I find out about it, I'll make sure to type up a full report as
Re: (Score:2)
But the professional part isn't as interesting in this context to me as perhaps it is to you.
Yeah, not going to be lectured by you, and not scared of you, either. I know enough to ignore you, and end-run around you, without violating the rules. For instance, I would have tethered my phone, not set up my own router. Although long-term I probably would have quit a company so dysfunctional it doesn't provide wireless to its employees. Not for that, but because dysfunction in one area usually correlates with dysfunction everywhere.
And that was my point. You were part of a dysfunctional system in this
Re: (Score:2)
I'm a network engineer, so I'm fully aware of how one should be doing this sort of thing.
From the context of TFA the author went out of the way to mention that the IP is both non-routable and unreachable from non 10.0.0.0/8 addresses. I inferred from this that the author meant to say that internally the call to 10.76.1.11 would somehow be assumed to be on the same network of each host. I didn't find it that hard to believe because it can be done, and it's entirely possible that DPRK just doesn't have enou
Re: (Score:2)
it's what people do for 192.168.*.x - 192.168.0.x is for servers behind the firewall, 192.168.1.x is for PCs, 192.168.2.x is VPN, etc.
I suppose the bigger thing is that they decided to use private IP space rather than setting up a set of colliding public IP addresses.
Just hope that they don't use Belkin routers in that office, since the default address of a Belkin router is 192.168.2.1
Re: (Score:2)
If that IP is non-routable it means that either the entire country is on one broadcast domain or they're pulling off some relatively complicated layer 2/3 network segregation (lots of enormous lookup tables, etc). I imagine communications would be very slow all around either way.
I think that the submitter getting all "zOMG they're running the whole damn country on 10.0.0.0/8!!!!11one" is at best premature, but assuming that they were, I'm wondering why you'd believe it's organized as one flat network requiring any kind of magic to operate? There's plenty of room to subnet in that /8...
Re: (Score:2)
As I mentioned in another post, the author went out of his way to state that it was non-routable and unreachable from the outside. It sounded like he was implying there was no subnetting (as you will always need a route to get from one subnet to another). I'm a network engineer so I know perfectly well how this should be set up. There are ways to use layer 3 switches to prevent broadcasts from going where they don't likely belong.
And, in another article discussion, I mentioned that I've redone a corporat
Re: (Score:2)
Come on, a WRT54g apparently supports up to 253 clients, they'd need at least two or three.
Re: (Score:2)
No. I think that this is a huge over-reach in terms of inferring how the North Korean Internet/LAN is set up. All they have to do in North Korea is to configure their routers to route the 10.0.0.0/8 addresses as they want, amongst the "real" IP addresses. Yes, it breaks RFCs, but does anyone in power in North Korea care about RFCs?
Re: (Score:2)
Also likely makes it that much harder to use smuggled in hardware to reach the outside world.
Re: (Score:3)
Can you really generalize that all the internal network must be from the 10.0.0.0/8 block? What prevents those addresses from being used other than convention and router setup? Perhaps they are only for the internal government computers to make them completely invisible to outside networks.
It's written poorly, but it sounds to me merely like the default site on the browser is set to http://10.76.1.11.../ [76.1.11] so it's possible whomever built that first instance is using a private network, used that internal address to test that his build worked, or is using an IP is not live, somehow left the default in there when it was distributed... or maybe all home rout
Re: (Score:2)
The /8 part may be a stretch, but it would not surprise me if they run the nation on the 10.x.x.x range (or at least the public facing stuff).
They can still nest the B and C ranges inside that, and you have to know your stuff to reach the outside world via smuggled in equipment. And such attempts probably stick out like a sore thumb to the uniforms operating the national firewall.
not that weird (Score:2)
Re: (Score:2)
The article seemed a bit overexcited to me. Is it really that surprising that they use 10.x space? It's not like Internet access is widely used in NK. And most of the other items were not what I would call weird, just what you would expect in a regime like this. Still, kudos to the author for doing this analysis.
Heh I was wondering that too.. I wouldn't call it "going off the rails", it's exactly what any of us would do to "solve" the problem of limiting and monitoring the internet access of millions of users.
The Narnia Browser (Score:1)
Just wait until everyone in North Korea finds out that the animals in the rest of the world don't actually speak English!!!!
Re:The Narnia Browser (Score:4, Funny)
Kim Il-Sung invented English in 1976 to stunt the intellectual development of the Western world.
Re: (Score:3)
Close, but no cigar.
Hint: Apple Computer Inc. got founded April 1, 1976.
Re: (Score:2)
Wait, all ducks in the world actually speak Engl... sorry I meant all English speaking people in the world actually speak like ducks.
They missed a more likely possibility (Score:2)
The entire country of North Korea is sitting on one class A network (16,777,216 addresses).
Possible but not likely. It is more likely that the country is split into many state run networks, all of which have a state owned machine with a 10.76.1.11 interface. It would provide more IP space, segregate the country into different Internet groups (in N Korea probably social classes), provide protection for some of those classes against DDOS worms infecting other classes, and make the "for your own good citizen" monitoring more tractable.
Slightly jumping to conclusions (Score:5, Interesting)
When I first saw an image of the browser I was awe-struck to see that it made a request to an address (http://10.76.1.11/) upon first run.
This guy may want to tweak his astonishment threshold before going outside.
"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space.
Not necessarily. He might well be right, but might it not just be that the address is actually routeable from within DPRK, and that the IP address was deliberately chosen so as not to be routeable from the outside world?
That's a big "Hah, hah" to all IPv4 NAT Haters (Score:2)
Clearly, you can NAT an entire nation! IT JUST WORKS!
(Of course, the fact that one of the most reclusive and oppressive nations in the world is using this isn't a shining endorsement, but still....)
NK NAT (Score:2)
Clearly, you can NAT an entire nation! IT JUST WORKS!
(Of course, the fact that one of the most reclusive and oppressive nations in the world is using this isn't a shining endorsement, but still....)
Sure, but your big NK router only has 64K ports per external IP address. It will probably croak well before it has 64K NAT sessions going, though.
Is this news? (Score:2)
The part about the whole DPRK essentially being on a single giant LAN that you can't reach from the outside. That's not news to me.
It's URL, not IP. And 10/8 is _routable. (Score:4, Informative)
Another summary written by a clueless, not a nerd.
10/8 network is a perfectly routable IP range.
http://10.76.1.11./ [76.1.11] is a URL, not an IP address.
It also has an extra dot before the closing slash.
"News for _nerds_", sure...
Re: (Score:2)
Another summary written by a clueless, not a nerd.
10/8 network is a perfectly routable IP range.
http://10.76.1.11./ [76.1.11] is a URL, not an IP address. It also has an extra dot before the closing slash.
"News for _nerds_", sure...
Good stuff! I hope you're kidding. That's not a URL, nor an extra dot before the trailing slash (see TFA) because most sentences in English end in a period. And if you can route to it, you're probably in N. Korea or running the same private network elsewhere.
It is just Carrier Grade NAT (Score:2)
Plenty of people get RFC 1918 or RFC 6598 instead of public addresses from their ISP. I would guess that the majority of internet connections in the world are given private space.
It is not common in the US because the US is still drowning in IP addresses, and a lot of the customers are using cable or DSL. In Europe you will often be behind CGN when you use a mobile ISP, and in Asia you will likely be behind CGN no matter how you connect.
Welcome to 2015.
(Of course most ISP's do not hand out browsers at all,
Fully monitored (Score:2)
Re: (Score:1)
Nobody will ever need more than 16 777 216 I.P. addresses.
signed,
Kim Jong-un
North Korea, Supreme leader
Re:Translation pls. (Score:5, Informative)
There are some addresses on the internet that are only associated (except for misuse) with 1 device, these are "public IP".
There are some addresses on the internet that are intended to be associated with multiple devices, these are "private IP".
Private addresses can only be "seen" on a local network, so only one instance of a private address per local network. If you ask for a connection to a private address and the local network doesn't have it, your network won't make any connection for you (even though hypothetically there are several people in the world on other local networks with that address).
It's like being at a family reunion and asking for "John", and not getting a response because no one there is named John, even though a lot of people in the world share that name. On the other hand, if you ask for "Gilgamesh", well then people know to send you to ancient Sur, even though no one in your family is named "Gilgamesh". John is a private reusable identifier, Gilgamesh is a public unique identifier.
The consequence of this is that to run a service for which machines from outside of your local network can connect to, you have to associate the service with a public address. Due to North Korea being one gigantic "local network" (something that usually only exists on the scale of homes and companies), no one in the world can request a connection to anyone in North Korea, unless a public address/port pair is preallocated to that person. NKoreans can still request connections to the rest of the world, assuming that the routers on the edge of their private network can remember all those connections. For a healthy country, remembering so much would be almost impossible, but for North Korea, it is a sign of how few people can make Internet connections to the rest of the world.
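Added example, not part of the comment above or of the original thread: a small Python classifier that sorts the addresses quoted in this discussion into the reserved blocks the commenters argue about (RFC 1918, RFC 6598, loopback, link-local, IPv6 unique-local). The function names, labels and the sample list are assumptions made for illustration; the sample hosts are taken from the thread or constructed inside prefixes it mentions.

```python
import ipaddress
from urllib.parse import urlsplit

# Reserved blocks relevant to the thread. Anything that matches none of
# them is reported as "public" (globally routable unicast).
SCOPES = [
    ("loopback",           "127.0.0.0/8"),
    ("rfc1918-private",    "10.0.0.0/8"),
    ("rfc1918-private",    "172.16.0.0/12"),
    ("rfc1918-private",    "192.168.0.0/16"),
    ("rfc6598-shared",     "100.64.0.0/10"),   # carrier-grade NAT space
    ("ipv4-link-local",    "169.254.0.0/16"),
    ("multicast",          "224.0.0.0/4"),
    ("loopback",           "::1/128"),
    ("ipv6-link-local",    "fe80::/10"),
    ("ipv6-unique-local",  "fc00::/7"),        # covers fd00::/8
    ("ipv6-documentation", "2001:db8::/32"),
    ("multicast",          "ff00::/8"),
]
NETWORKS = [(label, ipaddress.ip_network(cidr)) for label, cidr in SCOPES]


def extract_host(target):
    """Return the host part of a URL or bare host, without a trailing dot.

    A trailing dot ("10.76.1.11.") is the DNS root label; ipaddress would
    reject it, so it is stripped before parsing.
    """
    host = urlsplit(target).hostname if "://" in target else target
    if not host:
        raise ValueError("no host in %r" % target)
    return host.rstrip(".")


def classify(target):
    """Map a URL or host string to a scope label."""
    host = extract_host(target)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # DNS names and malformed literals end up here.
        return "not-an-ip-literal"
    for label, net in NETWORKS:
        if addr.version == net.version and addr in net:
            return label
    return "public"


def unreachable_from_outside(targets):
    """Return (target, scope) pairs that cannot be reached across the
    public Internet because the address is not globally routable."""
    findings = []
    for target in targets:
        scope = classify(target)
        if scope not in ("public", "not-an-ip-literal"):
            findings.append((target, scope))
    return findings


# Sample input: addresses quoted in the thread, plus constructed hosts
# inside prefixes it mentions (marked as constructed).
SAMPLES = [
    "http://10.76.1.11./",            # browser start page from the summary
    "192.168.2.1",                    # Belkin default mentioned in a comment
    "http://127.0.0.1/",
    "fe80::1",                        # constructed, in the fe80: prefix
    "http://[fd00:db8:fab:cab::1]/",  # constructed, in fd00:db8:fab:cab::/64
    "2001:db8:fab:cad::1",
    "100.64.0.1",                     # constructed, RFC 6598 space
    "252.167.24.8.112",               # five-part "address" from a comment
    "8.8.8.8",                        # a public address for contrast
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-32s %s" % (sample, classify(sample)))
```

The label only says which reserved block an address falls in; as several commenters note, whether such an address is routed inside a given operator's network is a matter of that operator's router configuration.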
Re: (Score:3)
There are some addresses on the internet that are only associated (except for misuse) with 1 device, these are "public IP".
There are some addresses on the internet that are intended to be associated with multiple devices, these are "private IP".
That has nothing to do with it.
All IP addresses are only supposed to point to one device; though a device may have multiple IP addresses. The difference is whether or not they are publicly visible and routeable.
There is nothing saying that North Korea didn't take a part of the 10.a.b.c range and define it as a public network within their country. So they are not necessarily segregating the whole country. Simply put - there is not enough information to substantiate whether the whole country is in a pr
Re: (Score:2)
made that range public within the country.
The word you (and others) are looking for is "route-able", not "public".
There are a lot of IANA-assigned (i.e., "public") IPs that aren't routable from all other arbitrary IP addresses, while many places have made private IPs routable for some or all of their network, just like North Korea has done.
Re: (Score:2)
made that range public within the country.
The word you (and others) are looking for is "route-able", not "public".
There are a lot of IANA-assigned (i.e., "public") IPs that aren't routable from all other arbitrary IP addresses, while many places have made private IPs routable for some or all of their network, just like North Korea has done.
Typically the "public" IP is considered "route-able"; but regardless, I was trying to stay within the bounds of the OP's request of:
translate this for the people that do not understand network speak.
The term "route-able" would be considered "network speak"; thus I avoided it.
Re: Translation pls. (Score:2)
Re: (Score:2)
Gilgamesh and Enkidu, at Uruk.
Re:Translation pls. (Score:4, Funny)
Gilgamesh and Enkidu, at Uruk.
Darmok and Jalad at Tanagra.
Re: (Score:2)
He should have told him to point his browser to http://127.0.0.1/ [127.0.0.1] for an insightful article on non-routable IP addresses.
Re: (Score:3)
Can someone translate this for the people that do not understand network speak.
Network Addresses, known as IP Addresses, are allocated into several groupings, namely Public, Private, Multicast, Local, and non-usable.
The addresses are also allocated in blocks - A, B, and C - which has to do with how many addresses are available in the block purchased.
The Private group consists of addresses 10.a.b.c, 192.168.x.y, and 172.16.x.y. These are considered class A, B, and C respectively. These addresses are supposed to only be used on private networks - e.g. in your home, office, etc - as su
Re: (Score:3)
Hey I have written a TCP/IP stack* and don't remember the specifics anymore... Thinking that every technical person remembers every thing they ever touched is idiotic. Thinking every technical person knows details of everything is even more idiotic.
(* embedded stuff using good old SLIP)
Re: (Score:2)
Technology isn't neutral. And some technologies are not positive. And some otherwise-positive technologies can be abused in ways or on scales which couldn't be achieved in their absence. Any so-called "nerd" or enthusiast of technology who is not also cautious of technological advancements and their uses is a zealot.
If technological zealotry is indeed a waning trend on Slashdot, so much the better.
Re: (Score:2)
Scroll to the bottom of the page and select "Slashdot Classic". That's it. I had to do that this morning, too.
Re: (Score:2)
Probably via China. Then China has a nice little puppet that has much better tools and capabilities than we would otherwise expect.
Just a guess though.
Re: (Score:2)
Wow. Where to start with this post.
Maybe I don't understand how the internet works. So like, one router in North Korea handles all the connections? I guess other countries have more routers to connect to other countries?
North Korea does not just have 1 router. And most countries do not have 'more' routers. Countries have tens of thousands to hundreds of thousands of routers.
192.168.0.0/16 and 10.0.0.0/8 are private IP addresses. You can use the same private range as your neighbour and their neighbour's neighbour.
As others have noted, North Korea probably has lots of small networks with a government mandated router listening on 10.76.1.11 on each one of those networks.
I don't see many articles and personal blogs from the people of North Korea. Maybe only the wealthy people can afford internet access?
Because nobody in Nort