Re: Possible security problem?


comp.security.firewalls archive


From: Tom Stiller <tomstiller@comcast.net>
Date: Wed Jul 27 2005 - 20:15:41 CEST

In article <g%MFe.640$Bw6.5142@nnrp1.ozemail.com.au>,
 "J. David Anderson" <jdavidanderson_@hotmail> wrote:

> Tom Stiller wrote:
> > In article <%GMFe.639$Bw6.4995@nnrp1.ozemail.com.au>,
> > Tony Cameron <Darkscribe01@hotmail.com> wrote:
> >
> >
> >>I am running a Mac G5 with 10.3.9 and have just discovered that at
> >>regular but intermittent intervals, several times an hour, the process
> >>nmbd attempts to make a UDP contact with a wide variety of addresses
> >>mostly US based, but some European, on various ports ranging from 135 to
> >>62253.
> >>
> >>I run Firewalk X2 but have not worried in the past about what apps and
> >>processes were getting out, just incoming, but turned logging on the
> >>other day and discovered this consistent communication. I have blocked
> >>nmbd for the moment, with no apparent ill effects, but I am very curious
> >>as to the reason behind it. I don't see how I could have been hacked,
> >>but it does look suspicious.
> >>
> >>This occurs regardless of the apps running at the time, even after
> >>rebooting and with nothing aside from system services started. I do have
> >>Virtual PC on the system, but even with it not started, or killing it
> >>from the activity monitor makes no difference to the activity. Samba is
> >>not running.
> >>
> >>Can anybody shed some light on this? Google doesn't seem to offer much
> >>in the way of explanation.
> >>
> >
> >
> > Nmbd is part of the samba PC file sharing suite. If you don't need
> > samba, turn off "Windows Sharing" in the Sharing System Preferences
> > pane. If you need samba, but want to restrict its activities, read up
> > on the configuration options in the man page for smb.conf.
> >
>
> Hi Tom
>
> That is why I mentioned that Samba is not a part of the equation.
>
> Even so, if it was enabled why would nmbd be sending packets all over
> the world? That is what has me intrigued.

Sorry, I slipped right by the comment on samba. One question is: why is
nmbd running at all? It isn't running on my machine.

-- 
Tom Stiller
PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3 
                   7BDA 71ED 6496 99C0 C7CF
Received on Thu Sep 29 19:59:37 2005