
macOS Systems Can Be Abused In DDoS Attacks (zdnet.com) 18

An anonymous reader writes: "DDoS-for-hire services, also known as DDoS booters, or DDoS stressors, are abusing macOS systems to launch DDoS attacks," reports ZDNet. "These attacks are leveraging macOS systems where the Apple Remote Desktop feature has been enabled, and the computer is accessible from the internet, without being located inside a local network, or protected by a firewall. More specifically, the attackers are leveraging the Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature. When users enable the Remote Desktop capability on their macOS systems, the ARMS service starts on port 3283 and listens for incoming commands meant for the remote Mac." Hackers have figured out a way to bounce traffic off these ports and carry out DDoS attacks with the help of internet connected Macs. Nearly 40,000 macOS systems are currently connected online and can be used to send out DDoS attacks.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday October 04, 2019 @05:32PM (#59271450)
    Comment removed based on user account deletion
    • I think it is still valid to warn Mac users that their systems have been accidentally configured to be a risk to others even without being a risk to themselves. A good percentage of that 40,000 head count might actually read this news and fix the hole.

    • That's not at all accurate. The attackers aren't using Apple Remote Desktop for its intended purpose, and they're not getting into the Mac which has Apple Remote Desktop enabled.

      A more fitting analogy would be "car thieves can prevent an arbitrary person or group of people from accessing their cars just because you left your car's windows rolled down, the car unattended, and the keys in the ignition".

      Required reading: Amplification Attacks [wikipedia.org]

    • Ehh, a better analogy is that if you leave your car door open while parked in a parking lot your door might block someone from being able to get into their own car. It’s bad design and poor form if your car door automatically opens like that whenever you opt into using a remote key fob.

    • No, it's more like saying "car thieves can open your car door and launch ICBMs with your car if you leave your headlights on"

      This is an amplification attack targeting an Apple service. Happens all the time. It's not that big of a deal, and it's important that people know about it. It's not that big of a deal. Your defense is so fucking rabid though, that I'm more wondering what the hell your investment is in it.

      There was no error in the headline, or anything misleading about the story.
      The only thing mi
  • You can tell when a machine is directly connected to the internet in most cases. Desktop operating systems should close all their high surface area ports when they detect it.

    • by DamnOregonian ( 963763 ) on Saturday October 05, 2019 @01:34AM (#59272284)
      Desktop operating systems should do what you tell them to do. In this case: they did.
      Users enabled the service, and the service was enabled.
      The service was either poorly designed, or has a bug, allowing for amplification. This is a problem with lots of common services that are unpatched: DNS, NTP, UDP LDAP (Active Directory)
      I'm the Senior Network Engineer for a large residential network, so I have to deal with this shit all the time.
      Services should not be designed to provide connectionless amplification. It shouldn't fall on the user to make sure they can't behave like shit.
      That being said: I'm certain Apple will fix this, just as everyone else fixes their amplification design flaws.
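
The kind of check a network operator could run for the reflection traffic discussed above, as an added example that is not part of the thread or of any commenter's tooling: it scans flow records for local hosts whose UDP replies from port 3283 far outweigh the requests they received. The flow format, the local prefix, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ARMS_PORT = 3283  # port named in the story summary
LOCAL_NET = ipaddress.ip_network("198.51.100.0/24")  # assumed customer prefix
MIN_RATIO = 5.0         # assumed alert threshold, not a measured ARMS factor
MIN_OUT_BYTES = 10_000  # assumed floor to ignore trivial exchanges

# Constructed flow records: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
203.0.113.9,41000,198.51.100.20,3283,udp,320
198.51.100.20,3283,203.0.113.9,41000,udp,11200
203.0.113.9,41001,198.51.100.20,3283,udp,320
198.51.100.20,3283,203.0.113.9,41001,udp,11200
203.0.113.77,40000,198.51.100.20,3283,udp,160
198.51.100.20,3283,203.0.113.77,40000,udp,5600
192.0.2.50,52000,198.51.100.31,3283,udp,9000
198.51.100.31,3283,192.0.2.50,52000,udp,12000
198.51.100.40,53124,192.0.2.53,53,udp,80
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, proto, bytes) from CSV flow lines."""
    for line in text.strip().splitlines():
        src, sport, dst, dport, proto, nbytes = line.strip().split(",")
        yield (ipaddress.ip_address(src), int(sport),
               ipaddress.ip_address(dst), int(dport), proto.lower(), int(nbytes))

def find_reflectors(text, net=LOCAL_NET):
    """Flag local hosts whose UDP/3283 replies dwarf the requests they received."""
    b_in, b_out, targets = defaultdict(int), defaultdict(int), defaultdict(set)
    for src, sport, dst, dport, proto, n in parse_flows(text):
        if proto != "udp":
            continue
        if dst in net and dport == ARMS_PORT and src not in net:
            b_in[dst] += n            # request arriving at a local Mac
        elif src in net and sport == ARMS_PORT and dst not in net:
            b_out[src] += n           # reply leaving toward the (possibly spoofed) source
            targets[src].add(str(dst))
    hits = []
    for host, out in b_out.items():
        ratio = out / max(b_in[host], 1)
        if out >= MIN_OUT_BYTES and ratio >= MIN_RATIO:
            hits.append({"host": str(host), "bytes_in": b_in[host], "bytes_out": out,
                         "ratio": round(ratio, 1), "targets": sorted(targets[host])})
    return sorted(hits, key=lambda h: h["bytes_out"], reverse=True)

if __name__ == "__main__":
    for hit in find_reflectors(SAMPLE_FLOWS):
        print(hit)
```

In the sample, the host with roughly balanced traffic on port 3283 (an ordinary management session) is not flagged; only the host answering small requests with much larger replies is.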
  • by Kernel Kurtz ( 182424 ) on Friday October 04, 2019 @06:24PM (#59271582)

    Just another service that can be added to the list.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    • It is. One more group of customers I have to turn off in the middle of the night because some assholes are using them to pummel some poor sod out on the net.
  • by williamyf ( 227051 ) on Friday October 04, 2019 @08:31PM (#59271928)

    So, fair is fair.

    Windows got a misleading/clickbaity headline when RDP was attacked, and now MacOS gets a misleading/clickbaity headline when ARD gets attacked.

    Let's hope that, on the next attack on Linux, we get a misleading/clickbaity headline too.

    Written from my MacMini 8,1 Late 2018

    • by WallyL ( 4154209 )

      Let's hope that, on the next attack on Linux, we get a misleading/clickbaity headline too.

      Well, that would require having an easy-to-install-and-enable vnc or NX or rdp protocol. And when that happens, call me!

  • Considering the overwhelming number of Macs that are susceptible (nearly 40,000) is clearly the majority of Macs online, I'd say it's a serious problem. After all, you actually have to buy ARD and install it; I wonder what percentage of the actual users haven't configured it to not be a problem?
