Little Snitch keeps alerting me! What is NMDB?

Discussion in 'Networking & Compatibility' started by stizz, Jan 3, 2004.

  1. stizz

    stizz gorilla beta tester

    Joined:
    Sep 27, 2000
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Mac Guru
    Location:
    Los Angeles
    And why the hell does it keep wanting to access various URLs with .nl and .ws suffixes?

    I fear the worst, spyware? malware? Something wants to constantly report home. Little Snitch tells me that it is an application called "nmdb". A search of my system turned up no such app.

    :confused:

    The application "nmbd" wants to connect to dup-200-64-161-252.prodigy.net.mx on UDP port 1027

    The application "nmbd" wants to connect to 237-ZARA-X13.libre.retevision.es on UDP port 1031 (iad2)
     
  2. xauxau

    xauxau Registered

    Joined:
    Jan 3, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    It's part of SAMBA, and is used for Windows network share name browsing.

    Xau
     
  3. stizz

    stizz gorilla beta tester

    So it is innocuous? Or does that mean my Mac is trying to contact windoze machines? I just got this one most recently:

    The application "nmbd" wants to connect to ipdial-247-144.info.com.ph on UDP port 1025 (blackjack)
     
  4. stizz

    stizz gorilla beta tester

    The application "nmbd" wants to connect to daol-148-235-239-170.atdn.aol.com on UDP port 1031 (iad2)
     
  5. stizz

    stizz gorilla beta tester

    oops
     
  6. bweylock

    bweylock Registered

    Joined:
    Feb 20, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    LA, CA
    Did you ever get an answer anywhere to this question? Boggles my mind that only the two of us would be curious about this. You're the only other person mentioning this in all my Google and MacFixIt searches.
     
  7. Darkshadow

    Darkshadow wandering shadow

    Joined:
    Jul 17, 2001
    Messages:
    1,532
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    DE, USA
    If you're not connecting to Windows machines or letting them connect with Samba, go into the Sharing preference pane and deselect "Windows Sharing" - that'll stop the messages.
     
  8. bweylock

    bweylock Registered

    Thanks. I do know how to stop them and how to turn off Windows sharing. The problem is that I do need to connect to the PC rather frequently and need to connect to the overall LAN to do any printing.

    The other is that I want to know what is going on and why no one seems upset about it. Seems to me that a lot of people have Windows sharing enabled for very good reasons and are probably defenseless against these events.

    Yes?

    Thanks again.
     
  9. nixgeek

    nixgeek Mac of the SubGenius! :-)

    Joined:
    Jan 2, 2004
    Messages:
    8,621
    Likes Received:
    5
    Trophy Points:
    0
    Occupation:
    Microsystems Tech for two elementary schools.
    Location:
    Miami, FL
    It's possible that it could be the work of a spammer using the Windows Messaging Service (not MSN messenger, but the Windows Messenger dialogue window that you get when you use "net send" on NT/2K/XP or WinPopUp on Win9x) to deliver spam messages.

    If you are not sharing out to Windows machines, turn off Windows Sharing.
     
  10. Damrod

    Damrod Registered

    Joined:
    Aug 26, 2002
    Messages:
    408
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Aachen, Germany
    Hm, you could do a whois or a trace to find out where the machine is, and what exactly its name is.

    You say you have to connect to a Windows network... ask the administrator of the network if he knows the hostnames and/or IP addresses (I presume you mean a company network; it's not 100% clear from your post). If you don't have to provide data for the Windows machines, turn off Windows File Sharing. For safety's sake alone. ;)

    Best thing would really be to locate the machines Nmdb wants to connect to, and to find out if the machines are inside or outside of the LAN. If they're inside, I presume it's standard SAMBA traffic; if they're outside, I would deny the connect for nmdb to the servers.
     
  11. pds

    pds Registered

    Joined:
    Oct 4, 2002
    Messages:
    2,472
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    On the edge.
    My machine was doing that and I just told it not to allow it ever. I don't network with PCs much and if I do, I'll just turn off Little Snitch.

    No problems since then. I figure it's those pesky ads in HTML mail.
     
  12. Mephisto

    Mephisto Exemplar Iconoclast

    Joined:
    Jan 9, 2005
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    0
    It is likely an infected PC scanning for other boxes to infect. Port 1025 is a well-known vector for a Windows-based worm whose name is escaping me at the moment. If you have a firewall external to your Mac, try blocking ports 1025-1031 for everything outside the local subnet.

    The problem with the Mac OS X firewall is twofold. It blocks everything on a port or nothing, so you cannot restrict access to Windows shares (as an example) to the local subnet. Further, I think in 10.3.8 you no longer can block ports used by servers that are active. I used to run FTP and block port 21 except when I needed to receive something, but now whenever I have FTP active it opens the port and does not let me close it, which I find highly annoying.
     
  13. EvenStranger

    EvenStranger Registered User

    Joined:
    Apr 29, 2002
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    0
  14. kilamanjaro

    kilamanjaro Registered

    Joined:
    Oct 24, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    NMBD network chatter - as flagged up by 'Little Snitch' - has bugged and worried me for a long time (PowerBook G4; Tiger 10.4.3; 1.5GHz; 80GB HD; 768MB RAM). I have FINALLY discovered a solution (though not a reason) that lets you both share on a local area network AND stop nmbd from doing anything on the Net. I've tried it and 'Snitch' has been quiet ever since. I found this (from the developers of Little Snitch) on an extended Google mission:

    [Note about instructions (for those who, like me, were initially puzzled by this): when you get to this point ' - Click "Choose..." to select the application type the path to nmdb (/usr/sbin/nmbd) ' AFTER selecting "Choose" you type the path (/usr/sbin/nmbd) into the top right hand window with the magnifier icon in it. A list will come up showing dark grey icons (UNIX processes), amongst which will be 'nmbd'. Select that. ].

    By the way FYI, if you want to look up any of the IP addresses nmbd tries to get to (I don't care anymore!) there's a great lookup service on http://openrbl.org/


    From: On Monday, Nov 24, 2003, at 18:24 Europe/Vienna, [EMAIL PROTECTED] wrote:

    Hi,

    I use Windows sharing on my home network to connect a Windows laptop to my Macs. Is it therefore nmbd pops up every few seconds? And is there a rule to block this permanently and to leave Samba on my network working?

    _______________________________________________
    Littlesnitch-talk mailing list
    [EMAIL PROTECTED]
    http://at.obdev.at/mailman/listinfo/littlesnitch-talk
    Re: [Littlesnitch-talk] NMBD again
    Little Snitch Support
    Mon, 24 Nov 2003 13:56:58 -0800

    Hi,

    Simply add the following rules.

    nmbd Allow connections to your local network
    nmbd Deny any connection.

    Add the rules manually or simply change one of your existing rules.

    How to add a rule manually.
    - Open the Little Snitch preference pane within the "System Preferences" application.
    - Click on the round "lock" button to unlock the preference pane. You will be asked for your username and password.
    - By clicking "New..." you can create a new rule.
    - Click "Choose..." to select the application
    type the path to nmdb (/usr/sbin/nmbd)
    - Permission: Select "Allow"
    - Server: Select "Any" in your case "local network"
    - Port: Select "Any"
    - Protocol: Select "Any"
    - Click the Save button.

    Best regards,
    Karl Schwarzott
    --
    Objective Development
    http://www.obdev.at/

    Peace,

    Kilamanjaro

    "Oh do pay attention 007. In the wrong hands, this new Dual-core 3.5GHz PowerBook Intel Mac could be very dangerous."
     

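The two-rule setup from the Little Snitch support reply in the thread (allow nmbd to the local network, deny any other connection), combined with the inside-or-outside-the-LAN check suggested earlier, as an added example that is not part of any post and is not Little Snitch's own code. The LAN range `192.168.1.0/24`, the sample alerts and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Alert wording as quoted in the thread; a TCP variant is assumed to look alike.
ALERT_RE = re.compile(
    r'The application "(?P<app>[^"]+)" wants to connect to '
    r'(?P<dest>\S+) on (?P<proto>UDP|TCP) port (?P<port>\d+)'
)
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: the home LAN

# Ordered rules, first match wins: (application, destination scope, verdict).
RULES = [("nmbd", "local", "allow"), ("nmbd", "any", "deny")]

# Constructed sample alerts (documentation-range addresses, not from the thread).
SAMPLE_ALERTS = [
    'The application "nmbd" wants to connect to 192.168.1.255 on UDP port 137',
    'The application "nmbd" wants to connect to 192.168.1.20 on UDP port 138',
    'The application "nmbd" wants to connect to 203.0.113.45 on UDP port 1027',
    'The application "nmbd" wants to connect to host.example.net on UDP port 1031',
    'The application "Mail" wants to connect to 198.51.100.7 on TCP port 25',
]

def parse_alert(line):
    """Return (app, dest, ip_or_None, port), or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["dest"])
    except ValueError:
        ip = None  # hostname only: cannot be shown to be on the LAN
    return m["app"], m["dest"], ip, int(m["port"])

def evaluate(app, ip, rules=RULES, local_net=LOCAL_NET):
    """Apply the ordered rules; 'ask' means no rule matched and a prompt would appear."""
    is_local = ip is not None and ip in local_net
    for rule_app, scope, verdict in rules:
        if rule_app == app and (scope == "any" or is_local):
            return verdict
    return "ask"

def triage(lines):
    """Return (destination, port, verdict) for every recognisable alert line."""
    out = []
    for line in lines:
        alert = parse_alert(line)
        if alert:
            app, dest, ip, port = alert
            out.append((dest, port, evaluate(app, ip)))
    return out

if __name__ == "__main__":
    for dest, port, verdict in triage(SAMPLE_ALERTS):
        print(f"{verdict:5}  {dest}:{port}")
```

Rule order matters: with the deny rule listed first, LAN browsing on UDP 137/138 would be blocked as well. A destination given only as a hostname falls through to the deny rule because it cannot be matched against the LAN range without resolving it.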