Berkeley Lab Cyber Security has discovered bad guys exploiting Apple’s Remote Management service to conduct reflected denial-of-service (DoS) attacks. In response, they have temporarily blocked UDP port 3283 at the network border to prevent further abuse. This should have no noticeable impact on anyone.
What to do?
In order to protect Berkeley Lab computers from participating in this hostile activity, we require all users to disable Apple Remote Management Service. To disable this service:
- In Apple Menu, select System Preferences
- Select Sharing
- Uncheck Remote Management
This change will not have any adverse effects for most users and in fact is the Apple default. If you believe this will create an adverse situation for you, please contact [email protected].
IT will use BigFix to prompt users to automatically disable the Apple Remote Management Service on all systems running in Active Management Mode. For systems in Passive Management Mode, a BigFix Offer will be provided for users to disable it manually.
BigFix can be downloaded from https://go.lbl.gov/DownloadBigFix. For any further inquiries, Request Help.
Technical Details
- You can read more about reflected denial-of-service (DoS) attacks at https://www.us-cert.gov/ncas/alerts/TA14-017A.
- For more information on this threat, please see Netscout’s article “A Call to ARMS: Apple Remote Management Service UDP Reflection/Amplification DDoS Attacks.”
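
To confirm that unchecking Remote Management took effect, the following added example (not part of the Lab's procedure or tooling) filters `netstat -an` output for sockets bound to UDP 3283. The function names and sample lines are constructed for illustration, and the column layout assumed is that of macOS `netstat -an`.

```shell
#!/bin/sh
# Added example: detect a listener on UDP 3283 (Apple Remote Management).
ARMS_PORT=3283

# Read `netstat -an` style lines on stdin and print the UDP sockets bound
# to the ARMS port. The protocol column must start with "udp" (udp4, udp6,
# udp46) and the local address must end in ".3283", so TCP 3283 and ports
# such as 13283 or 32830 are not counted.
arms_udp_sockets() {
    awk -v port="$ARMS_PORT" '
        $1 ~ /^udp/ && $4 ~ ("\\." port "$") { print }
    '
}

# Exit status 0 if the input contains an ARMS UDP socket, 1 otherwise.
arms_exposed() {
    [ -n "$(arms_udp_sockets)" ]
}

# Constructed sample input (not captured from a real host).
SAMPLE_ENABLED='udp4       0      0  *.3283                 *.*
udp6       0      0  *.3283                 *.*
tcp4       0      0  *.3283                 *.*                    LISTEN
udp4       0      0  *.13283                *.*'
SAMPLE_DISABLED='udp4       0      0  *.5353                 *.*
udp4       0      0  *.32830                *.*
tcp4       0      0  *.3283                 *.*                    LISTEN'

# With --check, inspect the local machine instead of the samples.
if [ "${1:-}" = "--check" ]; then
    if netstat -an | arms_exposed; then
        echo "Remote Management is still listening on UDP $ARMS_PORT"
        exit 1
    fi
    echo "No listener on UDP $ARMS_PORT"
fi
```

Run it with `--check` in Terminal after changing the Sharing setting; a non-zero exit status means the service is still bound to the port.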
