Apple Remote Management Service Abuse

Berkeley Lab Cyber Security has discovered bad guys exploiting Apple’s Remote Management service to conduct reflected denial-of-service (DoS) attacks. In response, they have temporarily blocked port 3283 UDP at the network border to prevent further abuse.  This should have no noticeable impact to anyone.  

What to do?

In order to protect Berkeley Lab computers from participating in this hostile activity, we require all users to disable Apple Remote Management Service.  To disable this service:

  1. In Apple Menu, select System Preferences
     
  2. Select Sharing
     
  3. Uncheck Remote Management
     

This change will not have any adverse effects for most users and in fact is the Apple default.  You can still use Apple Remote desktop and VNC to connect if you enable "Screen Sharing". If you believe disabling Remote Management will create an adverse situation for you, please contact security@lbl.gov

IT will use BigFix to prompt users to automatically disable the Apple Remote Management Service on all systems running in Active Management Mode. For systems in Passive Management Mode, a BigFix Offer will be provided for users to disable it manually.

              

BigFix can be downloaded from https://go.lbl.gov/DownloadBigFix. For any further inquiries Request Help.

Technical Details