Old 08-04-2011, 04:26 AM   #1
HippoMan
Major Leaguer
 
Join Date: Apr 2007
Location: [No longer use a Mac. Last Mac I owned: Unibody MacBook Pro, MacOS 10.8.2]
Posts: 316
Lion: completely disabling netbios?

Is there a way to completely disable netbios under Lion?

I've seen instructions for doing this under Leopard, but they don't seem to apply to Lion.

Thanks in advance.
.
__________________
I got rid of my Mac for good.
This thread explains why: http://hintsforums.macworld.com/showthread.php?t=168164
The last Mac that I owned:
Unibody MacBook Pro, MacOS 10.8.2
Old 08-04-2011, 10:16 AM   #2
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,388
1) Why do you want to do this?

2) What have you tried?

3) If you are just trying to stop the NETBIOS messages, you should be able to set up a firewall rule to do this.
__________________
hayne.net/macosx.html
Old 08-04-2011, 04:05 PM   #3
HippoMan
Major Leaguer
 
Join Date: Apr 2007
Location: [No longer use a Mac. Last Mac I owned: Unibody MacBook Pro, MacOS 10.8.2]
Posts: 316
Thank you!

1) I get periodic hack attempts on the netbios port, and I'd like to completely close that port. I don't ever want to use Samba at all, so there is no need for me even to have netbios running, in the first place.

2) I tried the following procedure:

A) Put the following lines into /etc/smb.conf:
Code:
disable netbios = yes
smb ports = 445

B) Run this command to disable nmbd:
Code:
launchctl unload -w /System/Library/LaunchDaemons/nmbd.plist

However, I have no /etc/smb.conf under Lion, nor is there any nmbd daemon, nor any nmbd.plist file.

3) How do I configure the MacOSX firewall to block all connections on a specific port (in this case, port 445)? All I seem to be able to do is block connections on an application-by-application basis.
.
Old 08-04-2011, 06:16 PM   #4
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,388
1) I would have thought that you only get NETBIOS running if you have Windows File Sharing enabled in Sharing preferences. Is that incorrect? Why do you have Windows File Sharing enabled?

2) You speak of attacks - isn't your Mac behind a router of some sort? It should be - i.e. you shouldn't have your Mac directly connected to the Internet.
Old 08-04-2011, 06:49 PM   #5
HippoMan
Major Leaguer
 
Join Date: Apr 2007
Location: [No longer use a Mac. Last Mac I owned: Unibody MacBook Pro, MacOS 10.8.2]
Posts: 316
Quote:
Originally Posted by hayne
1) I would have thought that you only get NETBIOS running if you have Windows File Sharing enabled in Sharing preferences. Is that incorrect? Why do you have Windows File Sharing enabled?

You are making an unwarranted assumption: I do not have Windows File Sharing enabled. In fact, I have no sharing enabled, at all.

I would appreciate it if you would be less condescending in your replies. Thank you.

Are you talking about Lion, or perhaps are you thinking of an earlier version of MacOSX?

Quote:
Originally Posted by hayne
2) You speak of attacks - isn't your Mac behind a router of some sort? It should be - i.e. you shouldn't have your Mac directly connected to the Internet.

Everyone has different needs and setups. It is not a foregone conclusion that everyone in the world who has a Mac should be using the kind of router you are suggesting.

With my Linux box, it is trivial to block ports using iptables or a number of programs which serve as front-ends to iptables. On Linux, I use one of those programs to block all ports except the few that I want to have open.

I'd like to do the same with the MacOSX firewall, but I don't see how: it only lets me block by program, not by port.

Is there a way to use the MacOSX firewall to block specific ports? ... or better yet, to block all ports except a few selected ones? If so, I could easily protect my Mac against netbios attacks and other attacks, in the same way that I protect my Linux box, without my having to buy a router.

Thanks.
.
Old 08-04-2011, 08:14 PM   #6
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,388
Quote:
Originally Posted by HippoMan
You are making an unwarranted assumption: I do not have Windows File Sharing enabled. In fact, I have no sharing enabled, at all.

I would appreciate it if you would be less condescending in your replies.

I think you are misunderstanding the style of my reply. I stated my (technical) assumption about when NETBIOS would be running. I asked if you had Windows File Sharing enabled. And then I asked a follow-up question (to save time) in the case that you did have Windows File Sharing enabled.

Quote:
Are you talking about Lion, or perhaps are you thinking of an earlier version of MacOSX?

I have very little knowledge of Lion - I'm assuming that things are more or less the same with regard to file sharing as in previous versions of OS X.

Quote:
Everyone has different needs and setups. It is not a foregone conclusion that everyone in the world who has a Mac should be using the kind of router you are suggesting.

It's not so much the "kind" of router, as merely having a router. They are so cheap (and functional) that my strong recommendation (implicitly voiced above) is that everyone should have a router as the front-end to the Internet.

Quote:
With my Linux box, it is trivial to block ports using iptables or a number of programs which serve as front-ends to iptables. On Linux, I use one of those programs to block all ports except the few that I want to have open.

I'd like to do the same with the MacOSX firewall, but I don't see how: it only lets me block by program, not by port.

Is there a way to use the MacOSX firewall to block specific ports? ... or better yet, to block all ports except a few selected ones?

I think you are looking at OS X's "application firewall". There is still (unless this has changed in Lion) the usual 'ipfw' firewall for which you will find lots of articles via Google. There were many articles written about this at the time that OS X introduced the "application firewall" (in Leopard I think?). There is no GUI for 'ipfw' - you use the command-line.

Quote:
If so, I could easily protect my Mac against netbios attacks and other attacks, in the same way that I protect my Linux box, without my having to buy a router.

Indeed you can - see above articles.
But you should still buy a router (as a first line of defence).
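The port-based filtering discussed above, as an added example that is not part of any poster's reply: a shell function that prints an ipfw rules file dropping inbound NetBIOS/SMB (UDP 137-138, TCP 139 and 445) and all other unsolicited inbound traffic except a chosen list of TCP ports. The function name, the rule numbers and the SSH port in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an ipfw rules file that drops
# NetBIOS/SMB probes and every other unsolicited inbound packet, leaving
# only the listed TCP ports reachable. Rule numbers are arbitrary choices.

# usage: build_ipfw_rules [tcp-port ...]
build_ipfw_rules() {
    # Validate every port before emitting anything.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done
    # Loopback, stateful outbound traffic, ICMP, then the explicit
    # NetBIOS/SMB drops (logged so probes stay visible).
    cat <<'EOF'
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from me to any out setup keep-state
add 310 allow udp from me to any out keep-state
add 320 allow icmp from any to any
add 400 deny log udp from any to me 137-138 in
add 410 deny log tcp from any to me 139,445 in
EOF
    n=500
    for port in "$@"; do
        echo "add $n allow tcp from any to me $port in setup keep-state"
        n=$((n + 10))
    done
    # Only packets addressed to this host are caught by the final rule.
    echo "add 65000 deny log ip from any to me in"
}

# Constructed usage: keep only SSH (22) reachable. Save the output under an
# absolute path and load it with: sudo ipfw /absolute/path/to/file
build_ipfw_rules 22
```
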
Old 08-04-2011, 09:37 PM   #7
aubreyapple
All Star
 
Join Date: Aug 2002
Posts: 574
Hayne may not realize that some of us have laptops we carry around where there are no routers to help. :-)

I know the initial post was not of that nature, but it is relevant to situations where beyond the control of the owner of the machine, he/she is not behind a router firewall, and hence of pretty general interest.
Old 08-05-2011, 04:07 AM   #8
HippoMan
Major Leaguer
 
Join Date: Apr 2007
Location: [No longer use a Mac. Last Mac I owned: Unibody MacBook Pro, MacOS 10.8.2]
Posts: 316
Thanks, aubreyapple. That's indeed the situation I am in (carrying around a laptop).

I'm sorry if I misunderstood your style of posting, hayne. I see now that you weren't being condescending.

With or without a router, the last and best (IMHO) line of defense is always in the machine, itself. I will now look up ipfw, and I'll use it similarly to how I use iptables under Linux.

If what you say about Sharing is correct, then Lion seems to differ from earlier versions in that even if no Sharing is enabled, netbiosd is still apparently running by default and listening on its port.

Thanks again to all.
.

Last edited by HippoMan; 08-05-2011 at 04:16 AM.
Old 09-18-2011, 09:45 AM   #9
devzero
Guest
 
Posts: n/a
Ipfw frontend

I know there are actually a couple front ends out for osx/ipfw. I use "Doorstop" and it's fairly straightforward and fairly cheap. The security suite they offer also has a fairly cool log reader in it called "Who's there". Hope that helps.
Old 10-01-2011, 09:59 AM   #10
HippoMan
Major Leaguer
 
Join Date: Apr 2007
Location: [No longer use a Mac. Last Mac I owned: Unibody MacBook Pro, MacOS 10.8.2]
Posts: 316
Thanks, devzero!
.
Old 10-02-2011, 07:39 AM   #11
benwiggy
League Commissioner
 
Join Date: Aug 2006
Location: London
Posts: 5,708
Quote:
Originally Posted by aubreyapple
Hayne may not realize that some of us have laptops we carry around where there are no routers to help. :-)
I know the initial post was not of that nature, but it is relevant to situations where beyond the control of the owner of the machine, he/she is not behind a router firewall, and hence of pretty general interest.

Without wishing to open up old wounds: surely almost all connections that a mobile laptop makes are going to be to a router, rather than directly to the internet?

However, I can see that on random networks that a laptop connects to, there may be security threats from other unknown computers on the same network, for which turning off NetBios would be a Good Thing, of course.

But that is different from connecting "directly" to the internet.
Old 10-04-2011, 11:20 AM   #12
sojourner
Major Leaguer
 
Join Date: Apr 2010
Posts: 371
Being a Linux person, you're probably used to the command line, but WaterRoof is an option for those interested in configuring ipfw using a gui (although, when I looked into it, WaterRoof was beyond my expertise).
__________________
see a problem; solve a problem.
Old 11-05-2011, 03:55 PM   #13
mzso
Prospect
 
Join Date: May 2007
Posts: 2
Hi HippoMan!

Quote:
Originally Posted by HippoMan
Thanks, devzero!
.

I can only recommend WaterRoof (as sojourner already did). It's free (under the NLPL license, which is actually a sort of joke on licenses :-) ) and for somebody familiar with iptables surely no problem to master. I've been using it for years and I'm fully satisfied with it.
Old 11-06-2011, 07:55 AM   #14
benwiggy
League Commissioner
 
Join Date: Aug 2006
Location: London
Posts: 5,708
I don't know if this is related: but I get the following Console log a lot since Lion:
Code:
06/11/2011 13:39:20.366 Firewall: Deny netbiosd data in from 192.168.1.68:137 to port 137 proto=17
I don't have Windows sharing on, but I presume that the requests are coming from my wife's Dell. I don't think that she would have turned on anything non-standard in Windows.

Is there anything I can do to stop these log messages? I'm slightly OCD about hundreds of the same message in my logs.
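For log entries in the format quoted in the post above, an added example (not part of the thread) that tallies the "Deny" lines by process, source address and destination port, so it is clear which peer on the network is generating them. Apart from the first sample line, which is the one quoted in the post, the log lines are constructed; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): count application-firewall "Deny"
# entries per process, source address and destination port/protocol.

# Constructed sample: the first line is the one quoted in the post, the
# rest are made up in the same format.
sample_log() {
    cat <<'EOF'
06/11/2011 13:39:20.366 Firewall: Deny netbiosd data in from 192.168.1.68:137 to port 137 proto=17
06/11/2011 13:39:21.870 Firewall: Deny netbiosd data in from 192.168.1.68:137 to port 137 proto=17
06/11/2011 13:39:23.371 Firewall: Deny netbiosd data in from 192.168.1.68:138 to port 138 proto=17
06/11/2011 13:41:02.114 Firewall: Deny netbiosd data in from 192.168.1.70:137 to port 137 proto=17
06/11/2011 13:41:05.500 otherproc: unrelated line that must be ignored
EOF
}

# Reads log text on stdin; prints "count process source port/proto",
# busiest first. Assumes IPv4 sources and process names without spaces.
summarize_denies() {
    awk '
    / Firewall: Deny / {
        proc = src = port = proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "Deny") proc = $(i + 1)
            if ($i == "from") src  = $(i + 1)
            if ($i == "port") port = $(i + 1)
            if ($i ~ /^proto=/) proto = substr($i, 7)
        }
        if (proc == "" || src == "" || port == "") next   # malformed line
        sub(/:[0-9]+$/, "", src)                          # drop source port
        if (proto == "17") proto = "udp"                  # IP protocol 17
        else if (proto == "6") proto = "tcp"              # IP protocol 6
        count[proc " " src " " port "/" proto]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_denies
```
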