Apple remote desktop DDoS reflection (UDP 3283)

Here comes just another volumetric DDoS reflected attack.

This time it’s from Apple Remote Desktop (UDP) protocol

The amplification rate looks quite good (35:1)

Apparently there are many hosts online to pick from

65,538 on Shodan right now, seems

A lot of Macstadium host are actively being exploited apparently

If you have your Apple MAC in a DMZ or directly with public IP please properly secure port 3283

Searching online seems someone else is actually seeing this pattern.

Arbor (Netscout) has some more detailed infos published: