HIGH: Accessible Apple Remote Desktop (ARD) Report

DESCRIPTION LAST UPDATED: 2023-12-07

DEFAULT SEVERITY LEVEL: HIGH

This report identifies hosts that have the Apple Remote Desktop service on port 3283/udp running and accessible on the Internet.  This can be abused in an amplification attack and it also leaks information about the system that it is running on.

You can view updated stats on ARD exposure on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename(s): scan_ard

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the ARD response came on (always UDP)
  • port
    Port that the ARD response came from (usually 3283)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be ard
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • machine_name
    Trivial name of the device
  • response_size
    Size of the ARD response in bytes, minus the UDP header
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)
  • sector
    Sector the device belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","machine_name","response_size","amplification","sector"
"2010-02-10 00:00:00",high,192.168.0.1,udp,3283,node01.example.com,ard,64512,ZZ,Region,City,0,,node01,1006,201.20,
"2010-02-10 00:00:01",high,192.168.0.2,udp,3283,node02.example.com,ard,64512,ZZ,Region,City,0,,node02,1006,201.20,
"2010-02-10 00:00:02",high,192.168.0.3,udp,3283,node03.example.com,ard,64512,ZZ,Region,City,0,,node03,360,72.00,

Our 124 Report Types