 rayePremium join:2000-08-14 Orange, CA Reviews:
·RoadRunner Cable
| [OS X] Disabling NetBIOS broadcasts in Leopard
I recently bought a MacBook Pro loaded version (2.6 GHz dual core, 4 GB RAM, etc.). I have been using a Tiger Mac in my Windows AD domains for a few years now (via Thursby ADmitMac 3rd party plug-in) and it has worked great. With this purchase of a Leopard-based Mac I noticed that NetBIOS broadcasts are on by default. Since I have not used NetBIOS since pre-Win2K I wanted to turn it off. No need to flood the network with useless packets plus it is a security risk IMHO.
Trouble is there is NO WAY TO TURN NetBIOS OFF. At least from what I could see. AppleCare folks were stumped as well, and have elevated it to Engineering. While my network switches and Windows machines have NetBIOS disabled, it is the outside world where I am concerned. I suspect it is a setting in some *.conf file.
If anyone has a clue please let me know. It is annoying that my Virtual Vista via Parallels has the ability to disable NetBIOS, but main Leopard OS does not. |
|
 leXicon5Pelosi, SHUT YOUR Fing Pie HolePremium join:2000-12-27 Saint Louis, MO | IIRC, NetBIOS traffic is not on by default. Scan port 138...using the Network Utility. It's closed or not functioning.... I believe when you join a workgroup/domain is when it's opened.
We've never needed ADmitMac as we've used ExtremeZ-IP or other products on the server or just connected to our AD server via SMB. -- It's B.C., Before Christ. It's A.D. Anno Domini, The year of (Our) Lord. Apparently some people take offense to the name of Jesus Christ. Well, for that I'm not sorry nor will I run and hide from that vocal minority. |
|
 leXicon5Pelosi, SHUT YOUR Fing Pie HolePremium join:2000-12-27 Saint Louis, MO 1 edit | reply to raye
Correction....ports 137, 139, and 150 are all NetBIOS ports. All closed by default. |
|
 | reply to raye AFAIK, to kill netbios completely you'll need to add the following lines to /etc/smb.conf.
    disable netbios = yes
    smb ports = 445
You'll also need to stop nmbd from starting. You can do that with the following command:
sudo launchctl unload -w /System/Library/LaunchDaemons/nmbd.plist
Doing this will probably break name resolution of windows clients via netbios (of course). It may also break browsing windows networks. |
|
 leXicon5Pelosi, SHUT YOUR Fing Pie HolePremium join:2000-12-27 Saint Louis, MO | reply to raye Upon further inspection, port 137 is open (netbios-ns).
You can disable that port manually....
If this were a real security threat, you can bet your house the entire world would be screaming about it. Port 137 is outgoing only. Incoming is closed as I have shown. |
|
 rayePremium join:2000-08-14 Orange, CA Reviews:
·RoadRunner Cable
| reply to Epyon9283 This disables the NetBIOS server. The NetBIOS client still sends out broadcasts. This is disabled easily in Windows but I now have a support call into Apple to find out how to disable on OS X.
Why would I want unsolicited broadcasts coming out of my machine? |
|
 | said by raye:
This disables the NetBIOS server. The NetBIOS client still sends out broadcasts. This is disabled easily in Windows but I now have a support call into Apple to find out how to disable on OS X. Why would I want unsolicited broadcasts coming out of my machine?

Use the built-in firewall to stop the broadcasts.
    sudo ipfw add 1 deny tcp from any to any 137 out
    sudo ipfw add 2 deny udp from any to any 137 out
|
|