North Korea drops off the Internet in suspected DDoS attack!

PYONGYANG, North Korea (PNN) - December 23, 2014 - North Korea's negligible Internet connectivity appears to have faltered. First spotted by Internet performance management firm Dyn Research, North Korean routers have been inaccessible, and its scant IP allocation - just 1024 addresses - appears to be offline.

Arbor Networks reports that North Korean systems have been sporadically under attack for several weeks, and that a sustained attack started earlier today. The attacks appear to be a mix of Network Time Protocol (NTP) and Simple Service Discovery Protocol (SSDP) amplification attacks, which allow attackers even with modest resources to generate large floods of traffic.

Arbor's analysis suggests that the volume of traffic itself is not considerable; it peaked at just shy of 6GBPS on December 20. That such a trickle of traffic is able to knock North Korea offline is a testament to the country's virtually non-existent infrastructure. All of North Korea's Internet traffic passes through a peering connection with China Unicom; it's not known what the bandwidth of the connection is, but it's almost certainly less than 10GBPS. Almost the entire network within North Korea is restricted to the capital city, Pyongyang.

The big question, of course, is who's responsible. With North Korea an easy victim to take down, the list is long. Anonymous has voiced its collective discontent at North Korea over the withdrawal of the film The Interview and promised retaliation. Lizard Squad, a group that also claims to be responsible for much larger denial of service attacks against Xbox Live and others, also claims responsibility.