DNS configuration tampering on a pool.ntp.org GeoDNS server
- #DNS tampering
- #access control breach
- #NTP Pool security
- A volunteer hosting a GeoDNS server manipulated DNS zone weights for the NTP Pool service domain, boosting specific IPv6 addresses.
- The volunteer used SSH access from a firewall exception to install tools that modified zone data every two minutes and maintained persistent remote access.
- Impact was limited because the server handled only 2-10% of traffic and regular configuration refreshes overwrote the modifications.
- The breach involved tampering with the DNS infrastructure, but the NTP servers whose weights were boosted were legitimate pool members that returned accurate time.
- The incident led to securing the server, reviewing access controls, and adopting stricter policies that no longer permit firewall exceptions.
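As an added defender's example (not code from the original post or from the NTP Pool project), the check below compares the zone a GeoDNS node is actually serving against the canonical copy delivered by the pool's configuration refresh and flags records whose weight was boosted or that were injected. The JSON layout (label -> record type -> [address, weight] pairs) and the addresses are constructed assumptions for this example.

```python
import json

# Constructed sample zones (assumption: geodns-style JSON where each label maps
# record types to [address, weight] pairs). Addresses are documentation prefixes.
CANONICAL_ZONE = json.dumps({"data": {
    "2.europe": {"aaaa": [["2001:db8::1", 100], ["2001:db8::2", 100], ["2001:db8::3", 50]]},
    "2.north-america": {"aaaa": [["2001:db8:1::1", 100]]},
}})

# What the node is serving: one weight boosted tenfold, one address injected.
SERVED_ZONE = json.dumps({"data": {
    "2.europe": {"aaaa": [["2001:db8::1", 1000], ["2001:db8::2", 100], ["2001:db8::3", 50]]},
    "2.north-america": {"aaaa": [["2001:db8:1::1", 100], ["2001:db8:dead::1", 500]]},
}})


def _weights(zone_json, rtype):
    """Flatten one record type of a zone into {(label, address): weight}."""
    out = {}
    for label, records in json.loads(zone_json)["data"].items():
        for addr, weight in records.get(rtype, []):
            out[(label, addr)] = weight
    return out


def find_weight_tampering(canonical, served, rtype="aaaa", tolerance=0.0):
    """Return (kind, label, address, expected_weight, served_weight) findings.

    kind is 'weight_boosted' when a served weight exceeds the canonical one by
    more than `tolerance` (fraction), 'unexpected_record' for an address absent
    from the canonical zone, and 'missing_record' for a dropped address.
    Lowered weights are not reported: they reduce, not attract, traffic.
    """
    expected = _weights(canonical, rtype)
    actual = _weights(served, rtype)
    findings = []
    for (label, addr), weight in actual.items():
        if (label, addr) not in expected:
            findings.append(("unexpected_record", label, addr, None, weight))
        elif weight > expected[(label, addr)] * (1 + tolerance):
            findings.append(("weight_boosted", label, addr, expected[(label, addr)], weight))
    for label, addr in expected.keys() - actual.keys():
        findings.append(("missing_record", label, addr, expected[(label, addr)], None))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2]))


if __name__ == "__main__":
    for finding in find_weight_tampering(CANONICAL_ZONE, SERVED_ZONE):
        print(finding)
```

Running this every refresh interval (shorter than the two minutes the tampering tool used) turns the refresh that happened to overwrite the changes into an alert that someone is changing them.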