Why does my computer keep opening netbios connections?

When other software than netbiosd is the cause - Little Snitch will tell you that. It will tell you process XXX tried to make connection via netbiosd. Here netbiosd is the originator. If you want to be sure, you'll need to communicate with Objective Development support (creators of Little Snitch).

B.T.W - I have exactly your problem, only I have hundreds of connection attempts daily, and to chinese IPs, Russian IPs, Ukrainian IPs and so on.

Turn on Firewall to block all incoming connections. I got ratted (Don't worry I factory reset my Mac) and as soon as I started my Mac up it said "Allow netbiosd to accept incoming network connections". I obviously clicked deny. After proceeded to factory reset my mac as I knew I had gotten a RAT.

stackerxchange says "netbiosd is responsible for interacting with NetBIOS networks. NetBIOS is Microsoft's networking service. If you block incoming netbiosd connections then you will not be able to share drives over netbios which is the simplest way to share data to Windows machines." So you're basically giving your entire computer to a Windows machine. (most likely a hackers machine)

Proce wrote:

Turn on Firewall to block all incoming connections. I got ratted (Don't worry I factory reset my Mac) and as soon as I started my Mac up it said "Allow netbiosd to accept incoming network connections". I obviously clicked deny. After proceeded to factory reset my mac as I knew I had gotten a RAT.

stackerxchange says "netbiosd is responsible for interacting with NetBIOS networks. NetBIOS is Microsoft's networking service. If you block incoming netbiosd connections then you will not be able to share drives over netbios which is the simplest way to share data to Windows machines." So you're basically giving your entire computer to a Windows machine. (most likely a hackers machine)

Network connections do need to authenticate before they can connect to any shared volumes you are offering via System Preferences -> Sharing -> File Sharing.

And of course, if you do not enable File Sharing there is no way a NetBIOS user will be able to connect.

If you wish to pursue this issue in more depth, you should start a new "Post" (see the "Post" button at the top of this page), and post your question in the forum associated with your operating system version.

I suggest this because this thread started in 2012 (5 years ago), and keeping such old threads alive starts to make the thread muddy and difficult to deal with.

Disable file and printer sharing and it will stop.

From the netbiosd man page:

netbiosd is responsible for interacting with NetBIOS networks. netbiosd registers and defends one or more NetBIOS name[s], depending on the set of configured services. It also browses and scavenges names from the NetBIOS network, making them available to the system through mDNSResponder.

netbiosd is not malware; it's part of the Mac OS. If you connect directly to the Internet, rather than through a router, it may try to connect to remote hosts. I'd be mildly surprised if it tried to connect through a gateway, but maybe it does.

If you want to investigate further, you have several options, as detailed in the manual page. You can cause netbiosd to enter a debug mode, or to log all transmitted packets. You can also disable it by entering the following shell command as an administrator:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.netbiosd.plist

To reverse this action, enter the following:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.netbiosd.plist

Using LittleSnitch I have received 3 alerts from netbiosd in the past week.

I have denied all of them after a cursory lookup of the IP addresses using various tools (whois, traceroute)

The blocked entries were:

69.70.43.102, port 137

82.186.105.146, port 47863

125.239.135.130, port 53659

Any idea why netbiosd is trying to contact these IP addresses? I would assume this is along the same lines. I'm getting to the point where I am willing to disable/block netbiosd to keep these messages from coming up, but I don't want to risk undue wear and tear by not sleeping.

I do have screen sharing enabled, but am always behind a firewall. <---don't know if this is related. File and print sharing are not enabled.

Lion 10.7.4, fully updated. MBP/i7 2.6/8GB

All those IPs could be a host for some software vendor and it is going out to check the license of the software you installed.

Or you have bugs in your computers.

Blutopia wrote:

Thanks Linc! As an old Windows user I'm familiar with netbios, my concern was more that another piece of software could be using netbios to connect to other computers. I'll try putting it in debug mode and see if I can't get more detail into what it's trying to do.

Right all computer today connect to other computers all over the net every time they are started or when you start certain programs. This is common to check for updates and licenses and all sorts of stuff.

If you watch your routers logs you will see connections going out all the time. Nothing new here.

No VPN here. I'll take a look at LittleSnitch to see if they are inbound or outbound....I'd figure inbounds would get blocked at my router but we shall see.

I was unable to determine inbound/outbound status. How do you do that in Little Snitch?

Anyway...got about 10 popups for netbios from LS last night; got so frustrated that I decided to deny all connections for it until I get it sorted.