Berkeley Lab Cyber Security recently reported a new DDoS attack exploiting vulnerabilities in Apple’s Remote Management Service (aka Apple Remote Desktop). In response, they have temporarily blocked port 3283 at the network border. As a result, users will not be able to connect to Apple systems from off-site without the use of VPN. For more information on this threat, please see Netscout’s article “A Call to ARMS: Apple Remote Management Service UDP Reflection/Amplification DDoS Attacks.”
What is a DDoS?
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target using a flood of Internet traffic and rendering it unresponsive. Think of it as the inability to receive emergency service from the 911 operator when everyone is calling for help during a disaster. The system is overwhelmed and everyone is denied service.
What to do?
IT will require all users to disable the Apple Remote Management Service to minimize the threat to their systems. See the Apple Remote Management page for instructions on disabling the service. Please note that users will still be permitted to use Apple Screen Sharing.
IT will use BigFix to automatically disable the Apple Remote Management Service on all systems running in Active Management Mode. For systems in Passive Management Mode, a BigFix Offer will be provided for users to disable it manually.
BigFix can be downloaded from https://go.lbl.gov/DownloadBigFix. For any further inquiries, contact the Help Desk.
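For administrators who want to confirm the state of a Mac by hand, the following added example (not part of the original notice or of IT's BigFix action) checks whether anything is bound to UDP port 3283 on a network-reachable address and, when run with `--fix` on macOS, turns Remote Management off with Apple's `kickstart` tool. The function names, the `--fix` argument and the sample `netstat` lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check for an exposed Apple Remote Management (ARMS) listener.
ARMS_PORT=3283
KICKSTART=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

# Constructed sample of macOS `netstat -an -p udp` output (not from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address
udp4       0      0  *.3283                 *.*
udp4       0      0  127.0.0.1.3283         *.*
udp4       0      0  *.5353                 *.*
udp6       0      0  *.3283                 *.*
udp4       0      0  192.168.1.20.13283     *.*'

# Read netstat output on stdin and print every local address bound to
# UDP 3283 that is reachable from the network (loopback-only binds are skipped).
arms_exposed_binds() {
    awk -v port="$ARMS_PORT" '
        $1 ~ /^udp/ {
            addr = $4                               # macOS prints "host.port"
            n = split(addr, parts, ".")
            if (parts[n] != port) next              # some other port
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next
            print addr
        }'
}

# Succeeds (exit 0) when at least one exposed bind is present on stdin.
arms_is_exposed() {
    [ -n "$(arms_exposed_binds)" ]
}

# Stop the agent and switch Remote Management access off (needs admin rights).
disable_arms() {
    sudo "$KICKSTART" -deactivate -configure -access -off
}

if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--fix" ]; then
    if netstat -an -p udp | arms_is_exposed; then
        echo "UDP $ARMS_PORT is bound; disabling Remote Management"
        disable_arms
    else
        echo "Nothing is listening on UDP $ARMS_PORT"
    fi
else
    # Default: show what the parser reports for the constructed sample.
    printf '%s\n' "$SAMPLE_NETSTAT" | arms_exposed_binds
fi
```

Run without arguments, it only parses the constructed sample; on a managed system the BigFix action described above remains the supported way to disable the service.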