North Korea Offline With Invalid Routes for AS131279
Contents
On March 18, 2025, at around 9:38 AM UTC, connectivity to AS131279 dropped. Shortly after, at 9:50 AM UTC, a change in the Start of Authority (SOA) record and an update to the Route Origin Authorization (ROA) were detected.
The update introduced a new ROA for 175.45.176.0/22, authorizing AS131279 as the origin but setting a maximum prefix length of /22. Previously, AS131279 had been announcing four /24s (175.45.176.0/24, 175.45.177.0/24, etc.), which had not been marked as invalid. After the change, these /24s exceeded the allowed length and were classified as RPKI Invalid.
Until these changes are fixed, anything in 175.45.176.0/22 will remain unreachable. Interestingly these errors come almost a month after some unauthorized changes were made: https://nkinternet.wordpress.com/2025/02/23/north-korea-whois-records-hijacked/
Update
Looks like as of 2025-03-19 02:15 UTC everything is coming back online. It is interesting however that it took 17 hours between when the initial connections dropped and when everything came back online.
Discover more from North …
The update introduced a new ROA for 175.45.176.0/22, authorizing AS131279 as the origin but setting a maximum prefix length of /22. Previously, AS131279 had been announcing four /24s (175.45.176.0/24, 175.45.177.0/24, etc.), which had not been marked as invalid. After the change, these /24s exceeded the allowed length and were classified as RPKI Invalid.
Until these changes are fixed, anything in 175.45.176.0/22 will remain unreachable. Interestingly these errors come almost a month after some unauthorized changes were made: https://nkinternet.wordpress.com/2025/02/23/north-korea-whois-records-hijacked/
Update
Looks like as of 2025-03-19 02:15 UTC everything is coming back online. It is interesting however that it took 17 hours between when the initial connections dropped and when everything came back online.
Discover more from North …