[nsp-sec] Apple Remote Desktop
John Kristoff
jtk at depaul.edu
Tue Sep 17 17:49:08 EDT 2019
Hello friends,
We saw some more of this appear, but instead of the UDP 0xffff payload,
we saw trigger packets with a 5-byte payload of 0x00 0x14 0x00 0x01
0x03. Wireshark apparently IDs this as ARD as well. I'm not sure what
this decodes to explicitly from a protocol specification perspective,
but if it hits an open ARD system a single packet reply of about 1000
bytes may be returned.
It hasn't been a lot of volume, but this is apparently a current
favorite vector for some miscreant(s). Maybe just enough to be an
effective anti-competitive game booter?
If anyone has better contacts at Apple that might help encourage
something be done in a future update to this application service, that
would be helpful.
John
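
Added example, not part of the original post: one way to spot this reflection pattern in captured UDP records is to pair datagrams carrying the 5-byte payload quoted above with the replies they draw, then report the byte amplification per reflector. The record layout, the function name, the sample addresses and the use of UDP port 3283 (ARD's service port, not stated in the post) are assumptions.

```python
from collections import defaultdict

TRIGGER = bytes([0x00, 0x14, 0x00, 0x01, 0x03])  # 5-byte payload quoted in the post
ARD_PORT = 3283  # assumption: ARD's UDP service port, not stated in the post


def find_ard_reflection(packets, min_ratio=10.0):
    """Pair trigger datagrams with replies and measure amplification.

    packets: iterable of dicts with src, dst, sport, dport, payload (bytes).
    Returns one dict per (reflector, victim) pair whose reply/trigger byte
    ratio is at least min_ratio.
    """
    stats = defaultdict(lambda: {"triggers": 0, "bytes_in": 0, "bytes_out": 0})
    for p in packets:
        if p["dport"] == ARD_PORT and p["payload"] == TRIGGER:
            # Key on (reflector, claimed source); the source is likely spoofed.
            s = stats[(p["dst"], p["src"])]
            s["triggers"] += 1
            s["bytes_in"] += len(p["payload"])
        elif p["sport"] == ARD_PORT and (p["src"], p["dst"]) in stats:
            # Reply from a host that was previously sent the trigger.
            stats[(p["src"], p["dst"])]["bytes_out"] += len(p["payload"])
    findings = []
    for (reflector, victim), s in stats.items():
        ratio = s["bytes_out"] / s["bytes_in"]  # bytes_in >= 5 by construction
        if ratio >= min_ratio:
            findings.append({"reflector": reflector, "victim": victim,
                             **s, "ratio": ratio})
    return findings


# Constructed sample records (documentation address ranges). The 1000-byte
# reply body is filler that only models the size mentioned in the post.
SAMPLE = [
    {"src": "203.0.113.7", "dst": "192.0.2.10", "sport": 40000,
     "dport": ARD_PORT, "payload": TRIGGER},
    {"src": "192.0.2.10", "dst": "203.0.113.7", "sport": ARD_PORT,
     "dport": 40000, "payload": b"\x00" * 1000},
    {"src": "203.0.113.7", "dst": "192.0.2.11", "sport": 40001,
     "dport": ARD_PORT, "payload": TRIGGER},            # host did not answer
    {"src": "198.51.100.5", "dst": "192.0.2.10", "sport": 51000,
     "dport": ARD_PORT, "payload": b"\x00\x14\x00\x01\x04"},  # not the trigger
]

if __name__ == "__main__":
    for f in find_ard_reflection(SAMPLE):
        print(f)
```

Hosts that appear in the output are answering the trigger from outside and are candidates for filtering the service at the border or disabling it.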