Berkeley Lab Cyber Security has discovered bad guys exploiting Apple’s Remote Management service to conduct reflected denial-of-service (DoS) attacks.
What to do?
In order to protect Berkeley Lab computers from participating in this hostile activity, we require all users to disable Apple Remote Management Service. To disable this service:
- In Apple Menu, select System Preferences
- Select Sharing
- Uncheck Remote Management
This change will not have any adverse effects for most users and in fact is the Apple default. You can still use Apple Remote desktop and VNC to connect if you enable "Screen Sharing". If you believe disabling Remote Management will create an adverse situation for you, please contact email@example.com.
IT will use BigFix to prompt users to automatically disable the Apple Remote Management Service on all systems running in Active Management Mode. For systems in Passive Management Mode, a BigFix Offer will be provided for users to disable it manually.
- You can read more about reflected denial-of-service (DoS) attacks at https://www.us-cert.gov/ncas/alerts/TA14-017A.
- For more information on this threat, please see Netscout’s article “A Call to ARMS: Apple Remote Management Service UDP Reflection/Amplification DDoS Attacks.”