Re: Possible security problem?
comp.security.firewalls archive

From: Ilgaz Ocal <Ilgaz@spamcop.net>
Date: Thu Jul 28 2005 - 20:36:35 CEST

On 2005-07-27 17:16:30 +0300, Tony Cameron <Darkscribe01@hotmail.com> said:

> I am running a Mac G5 with 10.3.9 and have just discovered that at
> regular but intermittent intervals, several times an hour, the process
> nmbd attempts to make a UDP contact with a wide variety of addresses
> mostly US based, but some European, on various ports ranging from 135
> to 62253.
>
> I run Firewalk X2 but have not worried in the past about what apps and
> processes were getting out, just incoming, but turned logging on the
> other day and discovered this consistent communication. I have blocked
> nmbd for the moment, with no apparent ill effects, but I am very
> curious as to the reason behind it. I don't see how I could have been
> hacked, but it does look suspicious.
>
> This occurs regardless of the apps running at the time, even after
> rebooting and with nothing aside from system services started. I do
> have Virtual PC on the system, but even with it not started, or killing
> it from the activity monitor makes no difference to the activity. Samba
> is not running.
>
> Can anybody shed some light on this? Google doesn't seem to offer much
> in the way of explanation.
>
> Regards
>
> Tony

Hi,

Well, if you see a strange command connecting to the net, try running
Terminal and type "man (command name)", e.g.

cable25-100:/etc ilgaz$ man nmbd

NAME
       nmbd - NetBIOS name server to provide NetBIOS over IP naming services
       to clients
(snip arguments part)
DESCRIPTION
       This program is part of the samba(7) suite.

       nmbd is a server that understands and can reply to NetBIOS over IP name
       service requests, like those produced by SMB/CIFS clients such as Win-
       dows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager
       clients. It also participates in the browsing protocols which make up
       the Windows "Network Neighborhood" view.

Have a nice day

Ilgaz
Received on Thu Sep 29 19:59:45 2005