Re: Possible security problem?

["Followup-To:" header set to comp.sys.mac.comm.]
On 2005-07-27, Véronique Souchon <veronique_souchon@hotmail.com> wrote:
> How would the worm be accessing my computer? I have a firewall

The standard configuration for the osx firewall doesn't do anything with
udp. Is that the firewall you have in mind? You can add rules to
block udp if you want to but it doesn't happen automatically.

> Apple Macintosh iBook, not a windows system. In order for it to
> respond, the worm would have to pass a firewall with no ports but the
> bare minimum open.

If nmbd is listening on a udp port and some client talks to it, it will
talk back. This is normal behavior and has nothing to do with worms.

As for why nmbd is running, one possibility, as you suggest, is VPC.
Even if VPC itself isn't running, it's very possible that some startup
or login item associated with VPC is starting background processes,
possibly including nmbd. This is not unusual or anything to worry
about. For example, processes that are part of iTunes and iCal
typically start at login time. I haven't had VPC installed for years,
so I don't know whether or not it runs anything at boot time or login
time. You might want to check. Look at personal login items, as well
as system startup items and (in 10.4) launchd items.

Is this network activity dangerous? Probably not. For efficiency
reasons you should try to keep nmbd from running if you don't need it,
but I doubt your machine is at risk.
Received on Thu Sep 29 19:59:43 2005