1 2 3 Previous Next 30 Replies Latest reply: May 18, 2014 9:55 PM by RunSpotRun
AlpacaSaliva Level 1 Level 1 (20 points)

Hi,  I was getting to know what changed in Lion when I found that Netbiosd is set to Block incomming Connection under my Firewall Advanced Settings.  I don't know what Netbiosd is or if I turned it to Block inadvertently or whether it is supposed to be set to Block.  Could someone knowledgable about such a thing let me know what Netbiosd is? and is it correct or wrong to have it set to Block?  But please do it in laymans terms, I tried searching it on the web but everything is far to technical for me to understand.  Thanks

  • 1. Re: Lion and Netbiosd
    AlpacaSaliva Level 1 Level 1 (20 points)

    I've made note that Netbiosd is a Unix Executable File located in the sbin folder and opens with Terminal and was created on Monday 13 June 2011, so it's fairly new or was reinstalled with something but that's still all meaningless to me since I don't know what it's for.  Any help?

  • 2. Re: Lion and Netbiosd
    wssz Level 1 Level 1 (5 points)

    It's installed by Lion. It's a daemon that handles the netbios service, which handles communication across your LAN and has been around for ages.

     

    While I don't know for sure how Lion makes use of it, I imagine it might be connected with AirDrop, which is a new sharing service in OS X 10.7. Again, that's just an assumption.

     

    Hope that offers some help. You could try using AirDrop with the connection blocked. If it works, then leave it as is.

  • 3. Re: Lion and Netbiosd
    Marc Wilson Level 4 Level 4 (1,040 points)

    AlpacaSaliva wrote:

    I tried searching it on the web but everything is far to technical for me to understand.

     

    Then why do you think you need to be messing with the firewall in the first place?  Leave it alone, stop twisting knobs randomly.

  • 4. Re: Lion and Netbiosd
    AlpacaSaliva Level 1 Level 1 (20 points)

    I didn't twist any knobs because I never said I touched it, just tried to figure it out.  I like to learn about how my computer functions which is why I am in the firewall preference pane in the first place.  Just because I said what I searched for was too technical for me to understand does not mean I am incapable of ever understanding if I get enough information.

     

    No thanks for your useless reply.

  • 5. Re: Lion and Netbiosd
    Oliver Christmann Level 1 Level 1 (0 points)

    I'm not shure your right.

     

    I'm wondering also. Why did this daemon try to connect to an address like 5.x.x.x?? If it's needed for my LAN, then I would expect only addresses 192.168.x.x. And lots of other unknown adresses!

     

    I'm with AlpacaSalica: what does netbiosd communicate with unknown ip addresses?

    Should I really allow it?

     

    Btw. I have no AirDrop in use.

  • 6. Re: Lion and Netbiosd
    Ackmo Level 1 Level 1 (5 points)

    Oliver Christmann wrote:

     

    Why did this daemon try to connect to an address like 5.x.x.x?

     

    Did you ever find out why netbiosd was connecting to that address?  I am also seeing it connect to a 5.x.x.x address and am trying to track this down.

  • 7. Re: Lion and Netbiosd
    Paul Weustink Level 1 Level 1 (0 points)

    The mentioned address is used by the Hamachi VPN service. So it allows normal networking through a VPN connection across a secure link for instance to your work servers. Seems ok with me. Here is more info on the IP range itself (wikipedia):

     

    "The 5.0.0.0/8 network is used to avoid collisions with private IP networks that might already be in use on the client side, specifically, 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16."

     

    So if you do not have a VPN connection running, and do not have a VPN server listening (most unlikely that you have), everything is just fine.

  • 8. Re: Lion and Netbiosd
    Pilot_Pirx Level 1 Level 1 (0 points)

    On my Mac netbiosd is trying to connect to 82.234.239.180 (UPP Port 2136).

    Does anybody know what netbiosd is suppose to do?

  • 9. Re: Lion and Netbiosd
    Ackmo Level 1 Level 1 (5 points)

    Paul Weustink wrote:

     

    The mentioned address is used by the Hamachi VPN service.

     

    Thanks for the info.  I found out that there is indeed someone running Hamachi VPN on our network and that is causing netbiosd to occasionally try to connect to the 5.x.x.x address.

  • 11. Re: Lion and Netbiosd
    molachai Level 1 Level 1 (0 points)

    Using LittleSnitch I have received 3 alerts from netbiosd in the past week.

    I have denied all of them after a cursory lookup of the IP addresses using various tools (whois, traceroute)

     

    The blocked entries were:

    69.70.43.102, port 137

    82.186.105.146, port 47863

    125.239.135.130, port 53659

     

    Any idea why netbiosd is trying to contact these IP addresses?

     

    Lion 10.7.4, fully updated. MBP/i7 2.6/8GB

  • 12. Re: Lion and Netbiosd
    ClassyMacster Level 1 Level 1 (0 points)

    Intesting that this thread has been active for over a year and not a single word from the Apple Elite.

  • 13. Re: Lion and Netbiosd
    Marc Wilson Level 4 Level 4 (1,040 points)

    Hardly, since this is a user-to-user forum.

  • 14. Re: Lion and Netbiosd
    Graham Bailey Level 1 Level 1 (0 points)

    As this thread is sorta close.

     

    I have Little Snitch installed, which I find realy useful, every now and then something odd comes up, this: -

     

    "netbiosd wants to connect to 5.60.206.52" port 139 TCP!

     

    Flag went up...

     

    so I g@@gled and came with a location in central CH, and "who is" has it as "plusnet" in Warsaw PL!

     

    What/why in the world does an obscure place in Poland need access via TCP - I am in England

     

    needless to say it shall be perma blocked unless I can get more info?

     

    Graham

1 2 3 Previous Next