Scanning North Korean Public IP space

Q

Dec 22, 2014 • 2 min read

**Some noteworthy points:**

- The allocated North Korean network range is 175.45.176.0/22 - 210.52.109.0 – 210.52.109.255 block is assigned to North Korea through Chinese company China Unicom - 77.94.35.0/24 — this block is assigned to North Korea by SatGate (Russian satellite company) - He basically ran Nmap scans: nmap -p1-65535 -sV -O 175.45.176.0/22 -T4 > nk.scan & nmap -p1-65535 -sV -O 175.45.176.0/22 -T4 -Pn > nkall.scan & - Home Brew Linux distro Red Star OS ([https://en.wikipedia.org/wiki/Red_Star_OS](https://en.wikipedia.org/wiki/Red_Star_OS)) is their dominant OS of choice. Apparently it used to resemble Win XP era and now resembles Mac. I guess new dictator (and honorary Director of OS Design???) is a Mac fan ![:)](https://geekmemos.com/wp-includes/images/smilies/simple-smile.png) - They also use CentOS (Probably avoiding having to pay for RedHat support). - Macintosh machines of 2008 model have also been spotted. - 5900/tcp open vnc Apple remote desktop vnc -

`VNC service exposed on public space? Not a good idea now is it?`

- - Since they haven’t adapted to newer technologies, their networks and systems expose tons of services: - Apache for HTTP (web), BIND for DNS and Cisco equipment at the border. For SMTP (email), they expose a bunch of different services, from Cisco PIX smptd running on their routers, to sendmail on a machine. Their mailservers sometimes expose Cyrus on POP3’s port. Oh, they’re also into Icecast for their streaming media servers, though it’s unclear whether they’re still using the same thing now. They’ve also had some Windows machines running IIS. - One of their routers appear to be configurable remotely, which is one of those things likely to catch eyes: -

Nmap scan report for 175.45.178.129 Not shown: 65523 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh Cisco SSH 1.25 (protocol 1.99) 23/tcp open telnet Cisco router telnetd 80/tcp open http Cisco IOS http config 443/tcp open ssl/http Cisco IOS http config

You know I tried to connect to it but didn’t work. I bet they either took if offline or disabled remote config page ![:)](https://geekmemos.com/wp-includes/images/smilies/simple-smile.png)

- And, wait of it …… they’ve got VMWare:

Nmap scan report for 175.45.178.134 Not shown: 65534 filtered ports PORT STATE SERVICE VERSION 912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|phone Running: Microsoft Windows 2008|Phone|Vista|7 OS CPE: cpe:/o:microsoft:windows_server_2008::beta3 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 OS details: Microsoft Windows Server 2008 Beta 3, Microsoft Windows Phone 7.5, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008

Sign up for more like this.