macOS Systems Can Be Abused In DDoS Attacks (zdnet.com)
An anonymous reader writes: "DDoS-for-hire services, also known as DDoS booters, or DDoS stressors, are abusing macOS systems to launch DDoS attacks," reports ZDNet. "These attacks are leveraging macOS systems where the Apple Remote Desktop feature has been enabled, and the computer is accessible from the internet, without being located inside a local network, or protected by a firewall. More specifically, the attackers are leveraging the Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature. When users enable the Remote Desktop capability on their macOS systems, the ARMS service starts on port 3283 and listens for incoming commands meant for the remote Mac." Hackers have figured out a way to bounce traffic off these ports and carry out DDoS attacks with the help of internet-connected Macs. Nearly 40,000 macOS systems are currently connected online and can be used to send out DDoS attacks.
Comment removed (Score:5, Insightful)
Re: (Score:2)
I think it is still valid to warn Mac users that their systems have been accidentally configured to be a risk to others even without being a risk to themselves. A good percentage of that 40,000 head count might actually read this news and fix the hole.
Re: (Score:2)
That's not at all accurate. The attackers aren't using Apple Remote Desktop for its intended purpose, and they're not getting into the Mac which has Apple Remote Desktop enabled.
A more fitting analogy would be "car thieves can prevent an arbitrary person or group of people from accessing their cars just because you left your car's windows rolled down, the car unattended, and the keys in the ignition".
Required reading: Amplification Attacks [wikipedia.org]
Re: (Score:2)
Ehh, a better analogy is that if you leave your car door open while parked in a parking lot your door might block someone from being able to get into their own car. It’s bad design and poor form if your car door automatically opens like that whenever you opt into using a remote key fob.
Re: (Score:2)
This is an amplification attack targeting an Apple service. Happens all the time. It's not that big of a deal, and it's important that people know about it. It's not that big of a deal. Your defense is so fucking rabid though, that I'm more wondering what the hell your investment is in it.
There was no error in the headline, or anything misleading about the story.
The only thing mi
Re: (Score:2)
As far as I know, Mac OS has no 'walled garden'
iOS on the other hand has an ecosystem that keeps you locked in while Apple, government agents, and malicious hackers can get at you.
Problem that should have been solved. (Score:2)
You can tell when a machine is directly connected to the internet in most cases. Desktop operating systems should close all their high surface area ports when they detect it.
Re:Problem that should have been solved. (Score:4, Insightful)
Users enabled the service, and the service was enabled.
The service was either poorly designed, or has a bug, allowing for amplification. This is a problem with lots of common services that are unpatched: DNS, NTP, UDP LDAP (Active Directory).
I'm the Senior Network Engineer for a large residential network, so I have to deal with this shit all the time.
Services should not be designed to provide connectionless amplification. It shouldn't fall on the user to make sure they can't behave like shit.
That being said: I'm certain Apple will fix this, just as everyone else fixes their amplification design flaws.
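An added example, not from any poster in this thread: the kind of check a network operator could run over flow records to spot hosts acting as connectionless reflectors, using the ARMS port 3283 from the story. The flow records, the field layout and the ratio threshold are all constructed assumptions.

```python
# Flag hosts whose UDP responses on a service port are far larger than the
# requests that triggered them (the reflection/amplification pattern).
# Added example: FLOWS is constructed sample data and the per-pair
# byte-ratio heuristic is an assumption, not a vendor or IETF method.
from collections import defaultdict

ARMS_PORT = 3283  # Apple Remote Management Service, per the ZDNet story

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# 198.51.100.5 stands in for a Mac with Remote Desktop enabled and reachable
# from the internet; 203.0.113.9 is the address the attacker spoofed (the victim).
FLOWS = [
    # Tiny inbound "requests" carrying the spoofed victim address...
    ("203.0.113.9", 40000, "198.51.100.5", ARMS_PORT, "udp", 64),
    ("203.0.113.9", 40000, "198.51.100.5", ARMS_PORT, "udp", 64),
    # ...answered by much larger responses aimed at that victim.
    ("198.51.100.5", ARMS_PORT, "203.0.113.9", 40000, "udp", 2100),
    ("198.51.100.5", ARMS_PORT, "203.0.113.9", 40000, "udp", 2100),
    # A legitimate admin session: request and response sizes are comparable.
    ("198.51.100.20", 51000, "198.51.100.5", ARMS_PORT, "udp", 300),
    ("198.51.100.5", ARMS_PORT, "198.51.100.20", 51000, "udp", 320),
]


def amplification_ratios(flows, service_port):
    """Map (client, server) -> bytes server->client / bytes client->server
    for UDP flows that touch service_port. Unanswered requests give 0.0."""
    to_server = defaultdict(int)
    from_server = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == service_port:
            to_server[(src, dst)] += nbytes
        elif sport == service_port:
            from_server[(dst, src)] += nbytes
    pairs = set(to_server) | set(from_server)
    return {p: from_server[p] / max(to_server[p], 1) for p in pairs}


def flag_reflectors(flows, service_port=ARMS_PORT, threshold=10.0):
    """Return (server, client, ratio) for pairs at or above the threshold;
    the server is the host on your network acting as a reflector."""
    ratios = amplification_ratios(flows, service_port)
    return sorted((server, client, round(r, 2))
                  for (client, server), r in ratios.items() if r >= threshold)
```

Run against real flow exports, the same pass would also surface the DNS, NTP and LDAP reflectors the post mentions by changing `service_port`.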
Sounds like a typical amplification attack (Score:3)
Just another service that can be added to the list.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Same headline when Windows RDP was attacked (Score:4, Funny)
So, fair is fair.
Windows got a misleading/clickbaity headline when RDP was attacked, and now macOS gets a misleading/clickbaity headline when ARD gets attacked.
Let's hope that, on the next attack on Linux, we get a misleading/clickbaity headline too.
Written from my MacMini 8,1 Late 2018
Re: (Score:2)
Let's hope that, on the next attack on Linux, we get a misleading/clickbaity headline too.
Well, that would require having an easy-to-install-and-enable vnc or NX or rdp protocol. And when that happens, call me!
A problem IF a user enables ARD (Score:2)