Accessible Apple Remote Desktop (ARD) Report

LAST UPDATED: 2022-08-29

This report identifies hosts that have the Apple Remote Desktop service on port 3283/udp running and accessible on the Internet. This can be abused in an amplification attack and it also leaks information about the system that it is running on.

For more details behind the scan methodology and a daily update of global ARD scan statistics please visit our dedicated Accessible ARD scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename(s): scan_ard

Fields

timestamp

Time that the IP was probed in UTC+0
ip

The IP address of the device in question
protocol

Protocol that the ARD response came on (always UDP)
port

Port that the ARD response came from (usually 3283)
hostname

Reverse DNS name of the device in question
tag

This will always be ard
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City in which the device in question resides
naics

North American Industry Classification System Code
sic

Standard Industrial Classification System Code
machine_name

Trivial name of the device
response_size

Size of the ARD response in bytes, minus the UDP header
amplification

Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","machine_name","response_size","amplification"
"2010-02-10 00:00:00",192.168.0.1,udp,3283,node01.example.com,ard,64512,ZZ,Region,City,0,0,127.0.0.1,1006,201.20
"2010-02-10 00:00:01",192.168.0.2,udp,3283,node02.example.com,ard,64512,ZZ,Region,City,0,0,zbyszek2,1006,201.20
"2010-02-10 00:00:02",192.168.0.3,udp,3283,node03.example.com,ard,64512,ZZ,Region,City,0,0,kapibara,1006,201.20

Our 130 Report Types

« Back to Network Reporting