|
Posted by Ilgaz Ocal on July 28, 2005, 9:36 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> I am running a Mac G5 with 10.3.9 and have just discovered that at
> regular but intermittent intervals, several times an hour, the process
> nmbd attempts to make a UDP contact with a wide variety of addresses
> mostly US based, but some European, on various ports ranging from 135
> to 62253.
>
> I run Firewalk X2 but have not worried in the past about what apps and
> processes were getting out, just incoming, but turned logging on the
> other day and discovered this consistent communication. I have blocked
> nmbd for the moment, with no apparent ill effects, but I am very
> curious as to the reason behind it. I don't see how I could have been
> hacked, but it does look suspicious.
>
> This occurs regardless of the apps running at the time, even after
> rebooting and with nothing aside from system services started. I do
> have Virtual PC on the system, but even with it not started, or killing
> it from the activity monitor makes no difference to the activity. Samba
> is not running.
>
> Can anybody shed some light on this? Google doesn't seem to offer much
> in the way of explanation.
>
> Regards
>
> Tony
Hi,
Well if you see a strange command connecting to net, try running
Terminal, type "man (command name)" , e.g.
cable25-100:/etc ilgaz$ man nmbd
NAME
nmbd - NetBIOS name server to provide NetBIOS over IP naming services
to clients
(snip arguments part)
DESCRIPTION
This program is part of the samba(7) suite.
nmbd is a server that understands and can reply to NetBIOS over IP name
service requests, like those produced by SMB/CIFS clients such as Win-
dows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager
clients. It also participates in the browsing protocols which make up
the Windows "Network Neighborhood" view.
Have a nice day
Ilgaz
| 
XML site map