Hi, I was getting to know what changed in Lion when I found that Netbiosd is set to Block incomming Connection under my Firewall Advanced Settings. I don't know what Netbiosd is or if I turned it to Block inadvertently or whether it is supposed to be set to Block. Could someone knowledgable about such a thing let me know what Netbiosd is? and is it correct or wrong to have it set to Block? But please do it in laymans terms, I tried searching it on the web but everything is far to technical for me to understand. Thanks
It's installed by Lion. It's a daemon that handles the netbios service, which handles communication across your LAN and has been around for ages.
While I don't know for sure how Lion makes use of it, I imagine it might be connected with AirDrop, which is a new sharing service in OS X 10.7. Again, that's just an assumption.
Hope that offers some help. You could try using AirDrop with the connection blocked. If it works, then leave it as is.
I didn't twist any knobs because I never said I touched it, just tried to figure it out. I like to learn about how my computer functions which is why I am in the firewall preference pane in the first place. Just because I said what I searched for was too technical for me to understand does not mean I am incapable of ever understanding if I get enough information.
No thanks for your useless reply.
I'm not shure your right.
I'm wondering also. Why did this daemon try to connect to an address like 5.x.x.x?? If it's needed for my LAN, then I would expect only addresses 192.168.x.x. And lots of other unknown adresses!
I'm with AlpacaSalica: what does netbiosd communicate with unknown ip addresses?
Should I really allow it?
Btw. I have no AirDrop in use.
The mentioned address is used by the Hamachi VPN service. So it allows normal networking through a VPN connection across a secure link for instance to your work servers. Seems ok with me. Here is more info on the IP range itself (wikipedia):
"The 184.108.40.206/8 network is used to avoid collisions with private IP networks that might already be in use on the client side, specifically, 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16."
So if you do not have a VPN connection running, and do not have a VPN server listening (most unlikely that you have), everything is just fine.
Using LittleSnitch I have received 3 alerts from netbiosd in the past week.
I have denied all of them after a cursory lookup of the IP addresses using various tools (whois, traceroute)
The blocked entries were:
220.127.116.11, port 137
18.104.22.168, port 47863
22.214.171.124, port 53659
Any idea why netbiosd is trying to contact these IP addresses?
Lion 10.7.4, fully updated. MBP/i7 2.6/8GB
As this thread is sorta close.
I have Little Snitch installed, which I find realy useful, every now and then something odd comes up, this: -
"netbiosd wants to connect to 126.96.36.199" port 139 TCP!
Flag went up...
so I g@@gled and came with a location in central CH, and "who is" has it as "plusnet" in Warsaw PL!
What/why in the world does an obscure place in Poland need access via TCP - I am in England
needless to say it shall be perma blocked unless I can get more info?