Apple remote desktop DDoS reflectetion (UDP 3283)

Here comes just another volumetric DDoS reflected attack.

This time it’s from Apple Remote Desktop (UDP) protocol

The amplification rate looks quite good (35:1)

Apparently there are many hosts online to pick from

65,538 on Shodan right now, seems

https://www.shodan.io/search?query=port%3A3283

A lot of Macstadium host are actively being exploited apparently

If you have your Apple MAC in a DMZ or directly with public IP please properly secure port 3283

Searching online seems someone else is actually seeing this pattern.

Arbor (Netscout) has some more detailed infos published: https://www.netscout.com/blog/asert/call-arms-apple-remote-management-service-udp