Turn off UDP 137?

Hi folks,


I need a straightforward command that'll allow me to turn off UDP port 137 on a 10.8.2 machine.


The short story is that a security company is scanning us and is calling this open port a security problem.


I've tried


/sbin/ipfw -f add 65000 deny udp from any to any 137 in


and though ipfw list shows the above deny in the firewall commands, nmap is telling me that udp 137 is still open. Do I need to restart ipfw in order for it to take effect? (if so, what's the command for that?) Is there another command that'll be more effective in turning this dang port off?


Thanks in advance.

Mac mini, OS X Mountain Lion (10.8.2)

Posted on Mar 9, 2013 9:49 PM


Mar 11, 2013 12:17 AM in response to Alberto Ravasio

Bingo, this looks like Alberto's suggestion did the trick. I'm almost positive I have no need for netbiosd/Samba (I'll find out soon if there's a problem but I don't anticipate any. Filesharing can be done by FTP.)


In answer to the other questions:


@Linc: Yes, the scanning is being done by an outside service. I was going to say that it seems ridiculous that the port can only be closed by something outside of OSX, but apparently thanks to Alberto's answer I no longer have to say that. ;-)


@Eric: Thanks for the suggestion. Tried that, but the restart wiped the effect of the command.


Thanks much for the feedback.

Mar 11, 2013 1:24 PM in response to Bill Christensen

Anyway, to close the thread: disabling the netbiosd daemon does not prevent you from connecting to Windows shared folders.


You must know the IP address of the target computer and use Finder's Go, Connect to server, and fill in the Server address box with


smb://IP_Target_Computer/Share_Name


and then click the Connect button. You'll be prompted for authentication.

Sep 12, 2013 2:21 PM in response to Bill Christensen

Just wanted to leave this behind...


You can add ipfw rules and see no change. Why? 'Cause the firewall still isn't actually enabled :-)


sudo sysctl -n net.inet.ip.fw.enable


If that gives a response of "0", the firewall is disabled. You can:


sudo sysctl -w net.inet.ip.fw.enable=1


to enable it. And to make that change persistent across reboots, you can either add that line to the beginning of your firewall script, or touch /etc/sysctl.conf, chmod 640 /etc/sysctl.conf, and append "net.inet.ip.fw.enable=1" to it.


And don't forget about ip6fw... if you use IPv6, lots of people will lock their IPv4 interface down but forget about 6 and leave their system wide open there :-)
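
Added example (not part of any post in this thread): a small shell check for the situation described in the last reply, where a deny rule for UDP 137 is listed but the firewall itself is off. The function names and the sample rule text are constructed for illustration; the inputs are the output of `sysctl -n net.inet.ip.fw.enable` and `ipfw list`.

```sh
#!/bin/sh
# Classify the UDP 137 filtering state from two inputs:
#   $1 = value printed by `sysctl -n net.inet.ip.fw.enable`
#   $2 = text printed by `ipfw list`
# Assumption: rule ordering (ipfw is first-match) and per-address or
# per-interface rules are not modelled; only "is there a deny rule at all".

# has_deny_udp137: succeed if any deny/drop rule for udp (or ip/all) names
# destination port 137, alone, in a comma list, or inside a range.
has_deny_udp137() {
    printf '%s\n' "$1" | awk '
        ($2 == "deny" || $2 == "drop") &&
        ($3 == "udp" || $3 == "ip" || $3 == "all") {
            for (i = 4; i < NF; i++) {
                if ($i != "dst-port") continue
                n = split($(i + 1), ports, ",")
                for (j = 1; j <= n; j++) {
                    m = split(ports[j], r, "-")
                    lo = r[1] + 0
                    hi = (m > 1 ? r[2] : r[1]) + 0
                    if (lo <= 137 && 137 <= hi) found = 1
                }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# udp137_state: print one of three states for the given inputs.
udp137_state() {
    if ! has_deny_udp137 "$2"; then
        echo "no-deny-rule"
    elif [ "$1" = "1" ]; then
        echo "deny-rule-active"
    else
        echo "deny-rule-loaded-but-firewall-disabled"
    fi
}

# Constructed sample of `ipfw list` output (not taken from the thread).
SAMPLE_RULES='65000 deny udp from any to any dst-port 137 in
65535 allow ip from any to any'

udp137_state 0 "$SAMPLE_RULES"
udp137_state 1 "$SAMPLE_RULES"

# On the host itself:
#   udp137_state "$(sysctl -n net.inet.ip.fw.enable)" "$(sudo ipfw list)"
```

The third state is the one to look for when a rule shows up in `ipfw list` but an external scan still reports the port as open.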
