Question about the nmbd daemon

malex · 08-27-2003, 06:09 AM

Hello

I have a process running on my ibook (connected to a LAN via a zyxel router and a switch, itself connected to cable) that is called nmbd. I know it is related to Samba, but I can see it is constantly requesting IP's in random places such as Poland and Russia. Why would this process be running on my computer? I thought it could be related to mlnet, which I run sometimes, but it is not currently active.

Where can I find more info about this process/daemon?

Thanks a lot

yellow · 08-27-2003, 06:25 AM

A Google search showed up many pages about the NetBIOS name server. Here's one from the Darwin man page:

http://www.hmug.org/man/8/nmbd.html

malex · 08-27-2003, 07:11 AM

Hi

In fact that is what the man pages told me when I read them locally. However what I don't understand is what types of requests this daemon actually does. In other terms, to speak in "simple" terms, if I didn"t "ask" him anything, why is he making all these requests?

Thanks

hayne · 08-27-2003, 10:22 AM

Quote:


	Originally posted by malex what I don't understand is what types of requests this daemon actually does. In other terms, to speak in "simple" terms, if I didn"t "ask" him anything, why is he making all these requests?

Daemons don't usually request anything by themselves. Their purpose in life is to wait, doing nothing, until someone else makes a request of them and then they respond to that request.

So it seems that what you are seeing is log entries about your machine responding to samba queries from external machines. You should be aware of the scurity risks of having a samba server accessible to the Internet.

malex · 08-27-2003, 10:42 AM

Thanks for that.
So how do I desactivate the samba server. Should I just kill its process? Can I find out what type of queries are coming in?

Thanks

yellow · 08-27-2003, 10:47 AM

One easy way to stop it is:
System Preferences -> Sharing Pane -> Windows File Sharing -> Stop button.

hayne · 08-27-2003, 10:47 AM

Quote:


	Originally posted by malex So how do I desactivate the samba server. Should I just kill its process?

Presumably you started it by using the Sharing pane of System Preferences - so that is the way to stop it as well.

yellow · 08-27-2003, 10:48 AM

Heh, I won!! Again I say we need to see 'seconds' on posting times

malex · 08-27-2003, 10:54 AM

Hmm, what worries me though is that the Window file sharing was off. I had turned it off a while ago, but it has been off for some time.
I suppose this means shutting Samba off does quit the nmbd daemon.
Wouldn't you qualify this as a major security break? If people could acess my computer, then they could obviously access my entire LAN. And all this because I turned on Windows sharing at some point?

Am I right in assuming this?

Thanks for all the help, at least I know how to protect myself a bit better

hayne · 08-27-2003, 12:09 PM

You should restart your Mac.
Then check whether Windows file sharing is on or off and check if 'nmbd' is running.
If 'nmbd' is running then something must have started it. Do you have any 3rd-party startup items?

I'm not sure what you are asking when you ask about access to your LAN. Is your Mac is directly connected to the Internet? Or is it behind some kind of router? Consumer-level routers usually provide firewall capabilities so I can't see how you would be getting external samba requests in that case.

malex · 08-27-2003, 01:49 PM

I'll try the restart.

About the LAN think, my Ibook is behing a consumer level zyxel router. The problem is that I could see that loads of requests were coming from nmbd, and that if these requests were being emitted something was causing this. The only PC on my LAN was off when this was happening, Windows File sharing was off, so there was definitely something coming from the outside.
The only third party startup items I have are maxmenus and suitcase. So I doubt they could be the culprits.

hayne · 08-27-2003, 02:55 PM

Quote:


	Originally posted by malex my Ibook is behing a consumer level zyxel router. The problem is that I could see that loads of requests were coming from nmbd, and that if these requests were being emitted something was causing this.

If teh requests are coming form externel machines then they must be getting through the router somehow. Normally these routers ship configured to not allow any such requests through. Did you perhaps turn on "port-mapping" or "port-forwarding" on the router?

08-27-2003, 06:09 AM	#1
malex Prospect Join Date: Aug 2003 Posts: 6	Question about the nmbd daemon Hello I have a process running on my ibook (connected to a LAN via a zyxel router and a switch, itself connected to cable) that is called nmbd. I know it is related to Samba, but I can see it is constantly requesting IP's in random places such as Poland and Russia. Why would this process be running on my computer? I thought it could be related to mlnet, which I run sometimes, but it is not currently active. Where can I find more info about this process/daemon? Thanks a lot

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

08-27-2003, 06:25 AM	#2
yellow Moderator Join Date: Jan 2002 Posts: 10,677	A Google search showed up many pages about the NetBIOS name server. Here's one from the Darwin man page: http://www.hmug.org/man/8/nmbd.html

08-27-2003, 07:11 AM	#3
malex Prospect Join Date: Aug 2003 Posts: 6	Hi In fact that is what the man pages told me when I read them locally. However what I don't understand is what types of requests this daemon actually does. In other terms, to speak in "simple" terms, if I didn"t "ask" him anything, why is he making all these requests? Thanks

08-27-2003, 10:42 AM	#5
malex Prospect Join Date: Aug 2003 Posts: 6	Thanks for that. So how do I desactivate the samba server. Should I just kill its process? Can I find out what type of queries are coming in? Thanks

08-27-2003, 10:47 AM	#6
yellow Moderator Join Date: Jan 2002 Posts: 10,677	One easy way to stop it is: System Preferences -> Sharing Pane -> Windows File Sharing -> Stop button.

08-27-2003, 10:48 AM	#8
yellow Moderator Join Date: Jan 2002 Posts: 10,677	Heh, I won!! Again I say we need to see 'seconds' on posting times

08-27-2003, 10:54 AM	#9
malex Prospect Join Date: Aug 2003 Posts: 6	Hmm, what worries me though is that the Window file sharing was off. I had turned it off a while ago, but it has been off for some time. I suppose this means shutting Samba off does quit the nmbd daemon. Wouldn't you qualify this as a major security break? If people could acess my computer, then they could obviously access my entire LAN. And all this because I turned on Windows sharing at some point? Am I right in assuming this? Thanks for all the help, at least I know how to protect myself a bit better

08-27-2003, 12:09 PM	#10
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 31,956	You should restart your Mac. Then check whether Windows file sharing is on or off and check if 'nmbd' is running. If 'nmbd' is running then something must have started it. Do you have any 3rd-party startup items? I'm not sure what you are asking when you ask about access to your LAN. Is your Mac is directly connected to the Internet? Or is it behind some kind of router? Consumer-level routers usually provide firewall capabilities so I can't see how you would be getting external samba requests in that case.

08-27-2003, 01:49 PM	#11
malex Prospect Join Date: Aug 2003 Posts: 6	I'll try the restart. About the LAN think, my Ibook is behing a consumer level zyxel router. The problem is that I could see that loads of requests were coming from nmbd, and that if these requests were being emitted something was causing this. The only PC on my LAN was off when this was happening, Windows File sharing was off, so there was definitely something coming from the outside. The only third party startup items I have are maxmenus and suitcase. So I doubt they could be the culprits.