raye
Premium Member
join:2000-08-14
Orange, CA

[OS X] Disabling NetBIOS broadcasts in Leopard

I recently bought a MacBook Pro loaded version (2.6 GHz dual core, 4 GB RAM, etc.). I have been using a Tiger Mac in my Windows AD domains for a few years now (via Thursby ADmitMac 3rd party plug-in) and it has worked great. With this purchase of a Leopard-based Mac I noticed that NetBIOS broadcasts are on by default. Since I have not used NetBIOS since pre-Win2K I wanted to turn it off. No need to flood the network with useless packets, plus it is a security risk IMHO.

Trouble is there is NO WAY TO TURN NetBIOS OFF. At least from what I could see. AppleCare folks were stumped as well, and have elevated it to Engineering. While my network switches and Windows machines have NetBIOS disabled, it is the outside world where I am concerned. I suspect it is a setting in some *.conf file.

If anyone has a clue please let me know. It is annoying that my Virtual Vista via Parallels has the ability to disable NetBIOS, but the main Leopard OS does not.

leXicon5
Premium Member
join:2000-12-27
Saint Louis, MO

IIRC, NetBIOS traffic is not on by default. Scan port 138...using the Network Utility. It's closed or not functioning....
I believe when you join a workgroup/domain is when it's opened.

We've never needed ADmitMac as we've used ExtremeZ-IP or other products on the server or just connected to our AD server via SMB.

leXicon5 to raye

Correction....ports 137, 139, and 150 are all NetBIOS ports.
All closed by default.

Epyon9283
Premium Member
join:2001-12-26
Trenton, NJ

Epyon9283 to raye

AFAIK, to kill NetBIOS completely you'll need to add the following lines to /etc/smb.conf.

disable netbios = yes
smb ports = 445


You'll also need to stop nmbd from starting. You can do that with the following command:

sudo launchctl unload -w /System/Library/LaunchDaemons/nmbd.plist


Doing this will probably break name resolution of Windows clients via NetBIOS (of course). It may also break browsing Windows networks.
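
A check for the smb.conf change suggested in the post above, added here as an example and not part of the original thread: it reads the effective [global] values and fails if NetBIOS is still enabled or port 139 is still listed. The function names and the sample file are constructed for illustration; include directives and backslash line continuations are not handled, and it says nothing about client-side broadcasts.

```shell
#!/bin/sh
# Print the effective value of a [global] parameter. Samba ignores case and
# spaces in parameter names and skips '#' / ';' comment lines; the last
# assignment wins. Only lines under a [global] header are considered here.
smb_global_param() {  # $1 = config file, $2 = parameter name
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_global = (norm(s) == "global"); next
        }
        in_global && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == want) found = val
        }
        END { print found }
    ' "$1"
}

audit_netbios() {  # $1 = path to smb.conf; returns 0 only if both checks pass
    rc=0
    disable=$(smb_global_param "$1" "disable netbios" | tr 'A-Z' 'a-z')
    ports=$(smb_global_param "$1" "smb ports" | tr ',' ' ')
    case "$disable" in
        yes|true|on|1) echo "OK: disable netbios = $disable" ;;
        *) echo "FAIL: disable netbios is '${disable:-unset}'"; rc=1 ;;
    esac
    case " ${ports:-445 139} " in   # Samba default when unset: "445 139"
        *" 139 "*) echo "FAIL: smb ports still includes 139"; rc=1 ;;
        *" 445 "*) echo "OK: smb ports = $ports" ;;
        *) echo "FAIL: smb ports does not include 445"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: new settings added, old port list left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = WORKGROUP
;  smb ports = 445 139
   Disable NetBIOS = Yes
   smb ports = 445
EOF
audit_netbios "$sample"; rm -f "$sample"
```
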

leXicon5 to raye

Upon further inspection, port 137 is open (netbios-ns).

You can disable that port manually....

If this were a real security threat, you can bet your house the entire world would be screaming about it.
Port 137 is outgoing only. Incoming is closed as I have shown.

raye to Epyon9283

This disables the NetBIOS server. The NetBIOS client still sends out broadcasts. This is disabled easily in Windows but I now have a support call into Apple to find out how to disable on OS X.

Why would I want unsolicited broadcasts coming out of my machine?

Epyon9283

said by raye:

This disables the NetBIOS server. The NetBIOS client still sends out broadcasts. This is disabled easily in Windows but I now have a support call into Apple to find out how to disable on OS X.

Why would I want unsolicited broadcasts coming out of my machine?

Use the built-in firewall to stop the broadcasts.


sudo ipfw add 1 deny tcp from any to any 137 out
sudo ipfw add 2 deny udp from any to any 137 out