Hello and welcome to the Tuesday, January 31st, 2021, 2023 edition of the Sansonet Storms, Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

I put up a quick diary today with some of these sort of DNS over HTTP or HTTP requests that I've

been observing lately. It looks like there is a group out there that is still trying to

enumerate the DNS over HTTP servers. You of course all know the big ones like your Googles and

Cloudflarelares and such offering

the service, but what I suspect here is that there are individuals who are trying to get

a trusted DNS service going and who don't have access due to some counterfeit block lists

and such to the well-known DNS

over-Htips services. So I think that's why I'm seeing that. So far, pretty much all of the

lookups are for bidu.com. If you do run DNS over-HtPS service that's accessible to the public.

Maybe you set it up for friends and family and didn't really bother or weren't quite able,

based on dynamic IPs and such, to lock it down.

I don't think that's something you have to be too worried about.

I suspect that all they're really after is sort of an anonymizing DNS service, so probably

not going to cause too much harm other than maybe some resource exhaustion there if the requests

become too many and then some rate limiting may help there. I started sending back some valid answers myself just to see what else is coming,

but after a day so far, not much other than just some simple broaps. If anybody has any other

ideas, well, let me know and maybe there is more to it. And we've got two news items actually related to GitHub.

The first one, probably the more severe one here is that GitHub detected beginning of

December an unauthorized access to a repository for the development of its GitHub desktop

and atom products.

...