Scan of SpaceX Starlink Network (AS14593)

Traceroute from Google Cloud West to Starlink (AS14593)
traceroute to 192.31.243.1 (192.31.243.1), 30 hops max, 60 byte packets
1 * 66.249.94.93 (66.249.94.93) 7.475 ms 74.125.37.205 (74.125.37.205) 7.409 ms
2 72.14.236.185 (72.14.236.185) 8.201 ms 64.233.175.1 (64.233.175.1) 9.707 ms ae27.cs1.sea1.us.eth.zayo.com (64.125.29.0) 7.703 ms
3 108.170.245.117 (108.170.245.117) 7.411 ms 108.170.245.101 (108.170.245.101) 7.736 ms 74.125.243.199 (74.125.243.199) 7.591 ms
4 * * *
5 host.starlinkisp.net (192.31.243.1) 8.195 ms ae27.cs1.sea1.us.eth.zayo.com (64.125.29.0) 7.379 ms 7.472 ms

This gives us a small tidbit of info, the network currently resolves to host.starlinkisp.net. We can expect this to be the future domain for StarLink. For now, it 301 redirects to the SpaceX homepage, but I’m monitoring the domain for updates.

Full Network Scan:


sudo nmap -O -sV --version-intensity 5 192.31.243.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2019-02-21 18:56 UTC
Nmap scan report for host.starlinkisp.net (192.31.243.1)
Host is up (0.0100s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
25/tcp filtered smtp
111/tcp open rpcbind 2-4 (RPC #100000)
179/tcp open bgp?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port179-TCP:V=6.40%I=5%D=2/21%Time=5C6EF46D%P=x86_64-redhat-linux-gnu%r
SF:(NULL,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
SF:xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(GenericLines,32,
SF:"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d
SF:\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
SF:xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(GetRequest,32,"\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x
SF:01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\xff\0\x15\x03\x06\x05")%r(HTTPOptions,32,"\xff\xff\xff\xff\xff
SF:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xc
SF:e\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
SF:ff\0\x15\x03\x06\x05")%r(RTSPRequest,32,"\xff\xff\xff\xff\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\
SF:xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x
SF:03\x06\x05")%r(RPCCheck,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%
SF:r(DNSVersionBindReq,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(He
SF:lp,32,"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\0\x1d\x01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(SSLSessionReq,32,"\
SF:xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x
SF:01\x049\x01\0Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
SF:f\xff\xff\xff\xff\xff\0\x15\x03\x06\x05")%r(Kerberos,32,"\xff\xff\xff\x
SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x1d\x01\x049\x01\0
SF:Z\n\xce\n\x02\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\0\x15\x03\x06\x05");
Device type: router|switch|firewall|storage-misc|general purpose|printer
Running (JUST GUESSING): Juniper embedded (95%), Juniper JUNOS 8.X|9.X|10.X|11.X (95%), Acme Packet embedded (92%), FreeBSD 6.X (92%), Epson embedded (90%)
OS CPE: cpe:/h:juniper:m7i cpe:/o:juniper:junos:8 cpe:/o:juniper:junos:9 cpe:/o:juniper:junos:10 cpe:/o:juniper:junos:11 cpe:/o:freebsd:freebsd:6 cpe:/h:epson:stylus_pro_400
Aggressive OS guesses: Juniper M7i router (95%), Juniper Networks J2320 or MX5-T router; or EX2200, EX3200, EX4200, or EX8200 switch (JUNOS 8.5 - 11.2) (95%), Juniper Networks JUNOS 8.5B2.5 (95%), Juniper JUNOS 9.4R2.9 (93%), Acme Packet Net-Net 4250 VoIP session border controller (92%), FreeNAS 0.69RC2 (FreeBSD 6.4-RELEASE) (92%), FreeBSD 6.2-STABLE - 6.4-STABLE (92%), FreeBSD 6.3-RELEASE-p1 (92%), FreeNAS 0.69RC2 (FreeBSD 6.4-RELEASE-p3) (91%), FreeBSD 6.3-STABLE (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops

From this info, we can gather Starlink is likely using a Juniper powered router for this single IP. Unfortunately, connections to port 25 and 22 timeout so no further information could be gathered from that end.

The remaining hosts replied in the following way:

Nmap scan report for host.starlinkisp.net (192.31.243.2)
Host is up.
All 1000 scanned ports on host.starlinkisp.net (192.31.243.2) are filtered
Too many fingerprints match this host to give specific OS details
...
Nmap scan report for host.starlinkisp.net (192.31.243.254)
Host is up.
All 1000 scanned ports on host.starlinkisp.net (192.31.243.2) are filtered
Too many fingerprints match this host to give specific OS details

 

 

Scan From 2018-04-16:


sudo nmap -O -sV --version-intensity 5 192.31.243.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2019-04-16 16:22 UTC
Nmap scan report for sea-fw-0.starlinkisp.net (192.31.243.1)
Host is up (0.0078s latency).
All 1000 scanned ports on sea-fw-0.starlinkisp.net (192.31.243.1) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.9)
Host is up (0.0078s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.9) are filtered
Too many fingerprints match this host to give specific OS details

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (2 hosts up) scanned in 48.30 seconds

Latest Scan 2019-10-21

Starting Nmap 6.40 ( http://nmap.org ) at 2019-10-21 20:18 UTC
Nmap scan report for sea-fw-0.starlinkisp.net (192.31.243.1)
Host is up (0.0092s latency).
All 1000 scanned ports on sea-fw-0.starlinkisp.net (192.31.243.1) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.9)
Host is up (0.0091s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.9) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.13)
Host is up (0.0077s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.13) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.14)
Host is up (0.0076s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.14) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.17)
Host is up (0.0075s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.17) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.33)
Host is up (0.0079s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.33) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.34)
Host is up (0.013s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.34) are filtered
Too many fingerprints match this host to give specific OS details

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (7 hosts up) scanned in 148.79 seconds

 

 

scan from 2020-12-27


Starting Nmap 6.40 ( http://nmap.org ) at 2020-12-28 06:16 UTC
Nmap scan report for sea-fw-0.starlinkisp.net (192.31.243.1)
Host is up (0.047s latency).
All 1000 scanned ports on sea-fw-0.starlinkisp.net (192.31.243.1) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.9)
Host is up (0.047s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.9) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.10)
Host is up (0.0076s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.10) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.13)
Host is up (0.0096s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.13) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.14)
Host is up (0.0070s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.14) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.17)
Host is up (0.0093s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.17) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.33)
Host is up (0.0096s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.33) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.34)
Host is up (0.0065s latency).
All 1000 scanned ports on host.starlinkisp.net (192.31.243.34) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for host.starlinkisp.net (192.31.243.35)
Host is up (0.0070s latency).
Not shown: 964 filtered ports, 34 closed ports
PORT STATE SERVICE VERSION
5060/tcp open ssl/sip?
8080/tcp open ssl/http-proxy?
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5060-TCP:V=6.40%T=SSL%I=5%D=12/28%Time=5FE97873%P=x86_64-redhat-lin
SF:ux-gnu%r(GenericLines,C,"ERROR\nERROR\n")%r(GetRequest,39,"HTTP/1\.1\x2
SF:0500\x20Internal\x20Server\x20Error\r\nConnection:\x20Close\r\n\r\n")%r
SF:(HTTPOptions,39,"HTTP/1\.1\x20500\x20Internal\x20Server\x20Error\r\nCon
SF:nection:\x20Close\r\n\r\n")%r(RTSPRequest,39,"HTTP/1\.1\x20500\x20Inter
SF:nal\x20Server\x20Error\r\nConnection:\x20Close\r\n\r\n")%r(Help,6,"ERRO
SF:R\n")%r(SSLSessionReq,1E,"\x08\xaa\x85\x14\xd4\x01R\x93g\x17\xd4C\xc0\x
SF:db\xc49\\\x82y~\x9bX\xa4p\x0eBN\xe1\x84\n")%r(Kerberos,1A,"\xf9\x1cJ\xa
SF:f\x14O\x06\x8c\)\x0f\xcf\xad\x99\"3rV\x92\xb0\xbeT4\x83\xde\xed\n")%r(S
SF:IPOptions,39,"HTTP/1\.1\x20500\x20Internal\x20Server\x20Error\r\nConnec
SF:tion:\x20Close\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8080-TCP:V=6.40%T=SSL%I=5%D=12/28%Time=5FE97878%P=x86_64-redhat-lin
SF:ux-gnu%r(GenericLines,C,"ERROR\nERROR\n")%r(GetRequest,39,"HTTP/1\.1\x2
SF:0500\x20Internal\x20Server\x20Error\r\nConnection:\x20Close\r\n\r\n")%r
SF:(HTTPOptions,39,"HTTP/1\.1\x20500\x20Internal\x20Server\x20Error\r\nCon
SF:nection:\x20Close\r\n\r\n")%r(RTSPRequest,39,"HTTP/1\.1\x20500\x20Inter
SF:nal\x20Server\x20Error\r\nConnection:\x20Close\r\n\r\n")%r(Help,6,"ERRO
SF:R\n")%r(SSLSessionReq,1B,"\xf9\x1cJ\xaf\x14O\x06\x8c\)\x0f\xcf\xad\x99\
SF:"3rA\xea\xca\xd1\xef\x01\x8d\x8a\x86\x03\n")%r(Kerberos,2A,"\xf40\xef\x
SF:f0\xa0\x02O\x1f\xeb\x8fj\xcbC\.\x1c\xe3\*\xc5C\x9a\x14\xc6\(\xe0\xf0y\x
SF:f5\xea\x04\x1cA\xfb\x9cu\xda\x8b\xeb%\x92f\xc3\n")%r(SIPOptions,39,"HTT
SF:P/1\.1\x20500\x20Internal\x20Server\x20Error\r\nConnection:\x20Close\r\
SF:n\r\n");
Aggressive OS guesses: Netgear DG834G WAP or Western Digital WD TV media player (94%), Linux 2.6.32 - 3.6 (94%), Linux 2.6.32 (94%), Linux 2.6.32 - 3.9 (93%), Crestron XPanel control system (93%), Linux 3.8 (92%), Linux 3.1 (90%), Linux 3.2 (90%), Linux 2.6.32 - 2.6.35 (90%), Linux 2.6.32 - 3.2 (90%)
No exact OS matches for host (test conditions non-ideal).

Nmap scan report for host.starlinkisp.net (192.31.243.64)
Host is up (0.0080s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
53/tcp open tcpwrapped
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=12/28%OT=53%CT=1%CU=30041%PV=N%DS=5%DC=I%G=Y%TM=5FE978
OS:CE%P=x86_64-redhat-linux-gnu)SEQ(SP=105%GCD=1%ISR=10F%TI=Z%CI=I%II=I%TS=
OS:8)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5
OS:B4ST11NW7%O6=M5B4ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=712
OS:0)ECN(R=Y%DF=Y%T=3B%W=7210%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=3B%S=O%A=S
OS:+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=3B%W=0%S=A%A=Z%F=R%O=%RD=0%Q=
OS:)T5(R=Y%DF=Y%T=3B%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=3B%W=0%S=A%
OS:A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=3B%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%
OS:DF=N%T=3B%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=
OS:3B%CD=S)

Network Distance: 5 hops

Nmap scan report for sea-cgnat-241.starlinkisp.net (192.31.243.241)
Host is up (0.011s latency).
All 1000 scanned ports on sea-cgnat-241.starlinkisp.net (192.31.243.241) are filtered
Too many fingerprints match this host to give specific OS details

Nmap scan report for sea-cgnat-242.starlinkisp.net (192.31.243.242)
Host is up (0.0079s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
500/tcp closed isakmp
1723/tcp closed pptp
Too many fingerprints match this host to give specific OS details

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (12 hosts up) scanned in 165.53 seconds

Leave a Comment