My (application) firewall settings are configured to block incoming connections from netbiosd. I don't recall setting this myself, and wonder what the consequences are. What are the consequences of blocking incoming connections for netbiosd? If I generally block incoming connections as a precaution, should I block netbiosd as well?

I have Little Snitch installed on my system (Mac OS X 10.5.5, Mac Pro (early 2008), 2x quad Xeon, 6 gig memory, etc.).

Nmblookup is a NetBIOS over TCP/IP client used to look up NetBIOS names and map them to IP addresses. It is a part of OS X and Samba, and I would just make it a permanent rule to allow.

  1. Report generated: 2018-03-14 00:53:29
  2. Runtime: 2:34
  3. Anything that appears on this list needs immediate attention.
  4. No Time Machine backup - Time Machine backup not found.
  5. Gatekeeper disabled - Gatekeeper security protection is disabled. This computer is at risk of malware infection.
  6. Minor Issues:
  7. These issues do not need immediate attention but they may indicate future problems.
  8. Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
  9. 32-bit Apps - This machine has 32-bits apps that may have problems in the future.
  10. Hardware Information:
  11. iMac Pro Model: iMacPro1,1
  12. 32 RAM Upgradeable
  13. 8 GB DDR4 2666 ok
  14. 8 GB DDR4 2666 ok
  15. 8 GB DDR4 2666 ok
  16. 8 GB DDR4 2666 ok
  17. Radeon Pro Vega 56 - VRAM: 8 GB
  18. disk0 - APPLE SSD AP1024M 1.00 TB (Solid State - TRIM: Yes)
  19. disk0s1 - EFI [EFI] 315 MB
  20. disk1s1 - A******n (APFS) 1.00 TB 581.79 GB
  21. disk1s2 - Preboot (APFS) [APFS Preboot] 1.00 TB 24 MB
  22. disk1s3 - Recovery (APFS) [Recovery] 1.00 TB 515 MB
  23. disk1s1 - A******n 1.00 TB (400.52 GB free)
  24. Mount point: /
  25. APFS
  26. Encrypted
  27. Network:
  28. One IPv4 address
  29. 802.11 a/b/g/n/ac
  30. Interface en7: Bluetooth PAN
  31. iCloud Quota: 7.09 GB available
  32. System Software:
  33. Time since boot: Less than an hour
  34. System Load: 2.78 (1 min ago) 2.04 (5 min ago) 1.37 (15 min ago)
  35. Security:
  36. Gatekeeper Anywhere
  37. Launchd: /Library/LaunchDaemons/org.virtualbox.startup.plist
  38. Executable: /Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart
  39. Details: Exact match found in the whitelist - probably OK
  40. Launchd: ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist
  41. Executable: /Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv
  42. Details: Exact match found in the whitelist - probably OK
  43. Launchd: /Library/LaunchDaemons/org.macports.rsyncd.plist
  44. Executable: /opt/local/bin/daemondo --label=rsyncd --start-cmd /opt/local/etc/LaunchDaemons/org.macports.rsyncd/rsyncd.wrapper start ; --stop-cmd /opt/local/etc/LaunchDaemons/org.macports.rsyncd/rsyncd.wrapper stop ; --restart-cmd /opt/local/etc/LaunchDaemons/org.macports.rsyncd/rsyncd.wrapper restart ; --pid=fileauto --pidfile /opt/local/var/run/rsyncd.pid
  45. Details: Exact match found in the whitelist - probably OK
  46. Launchd: /Library/LaunchDaemons/org.freedesktop.dbus-system.plist
  47. Executable: /opt/local/bin/dbus-daemon --system --nofork
  48. Details: Exact match found in the whitelist - probably OK
  49. Launchd: /Library/LaunchAgents/org.freedesktop.dbus-session.plist
  50. Executable: /opt/local/bin/dbus-daemon --nofork --session
  51. Details: Exact match found in the whitelist - probably OK
  52. 32-bit Applications:
  53. Find Any File 1.9.2
  54. CdHereiTerm
  55. InkServer 10.9
  56. ACR_10_2 4.3.0.256
  57. SoftRAID Easy Setup 5.6.5
  58. Google Earth 7.1
  59. Roxio Restore 1.0.4
  60. AAMLauncherUtil 10.0.0.49
  61. AAM Updates Notifier 9.0.0.281
  62. quicklookd32 5.0
  63. SpyderCheckr 1.2.2
  64. KBRG_8_0 4.3.0.256
  65. Audacity 2.1.0.0
  66. CdHere
  67. CORE_1_0_32 4.3.0.256
  68. COSY_2_4_4_32 4.3.0.256
  69. /Applications/DiskWarrior.app
  70. [Not Loaded] DiskWarriorPreview.kext (5.0 - SDK 10.5)
  71. [Not Loaded] ProxifierS.kext (2.21.0 - SDK 10.12)
  72. [Not Loaded] OWC_SATA_Command_10_6.kext (8.0.6)
  73. [Not Loaded] OWC_SCSI_Device_0E.kext (1.0.6)
  74. [Not Loaded] TDIXController.kext (2.0)
  75. [Loaded] VBoxDrv.kext (5.2.8)
  76. [Loaded] VBoxNetFlt.kext (5.2.8)
  77. /Library/Application Support/org.pqrs/Karabiner-VirtualHIDDevice/Extensions
  78. [Loaded] org.pqrs.driver.Karabiner.VirtualHIDDevice.v050000.kext (5.0.0 - SDK 10.13)
  79. [Loaded] LittleSnitch.kext (4.0.5 - SDK 10.11)
  80. System Launch Agents:
  81. [Loaded] 165 Apple tasks
  82. [Other] One Apple task
  83. System Launch Daemons:
  84. [Loaded] 179 Apple tasks
  85. [Not Loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2018-03-14)
  86. [Running] at.obdev.LittleSnitchUIAgent.plist (Objective Development Software GmbH - installed 2018-03-11)
  87. [Running] at.obdev.LittleSnitchHelper.plist (Objective Development Software GmbH - installed 2018-03-11)
  88. [Running] com.softraid.SoftRAIDMonitor.plist (SoftRAID LLC - installed 2018-03-11)
  89. [Not Loaded] org.pqrs.karabiner.karabiner_console_user_server.plist (Fumihiko Takayama - installed 2018-03-10)
  90. [Not Loaded] com.adobe.AAM.Updater-1.0.plist (? cdf72e96 - installed 2018-03-13)
  91. [Loaded] org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2016-10-26)
  92. [Not Loaded] org.freedesktop.dbus-session.plist (? 5d31cfb1 - installed 2017-12-24)
  93. [Loaded] com.epson.esua.launcher.plist (Seiko Epson Corporation - installed 2017-11-07)
  94. [Not Loaded] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-03-14)
  95. Launch Daemons:
  96. [Not Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-03-14)
  97. [Not Loaded] org.macports.rsyncd.plist (? 80494b94 - installed 2018-02-11)
  98. [Loaded] com.peterborgapps.LingonX5Helper.plist (Peter Borg Apps AB - installed 2018-03-14)
  99. [Loaded] com.bombich.ccchelper.plist (Bombich Software, Inc. - installed 2018-03-11)
  100. [Not Loaded] org.virtualbox.startup.plist (? 700b9385 - installed 2018-03-13)
  101. [Running] at.obdev.littlesnitchd.plist (Objective Development Software GmbH - installed 2018-03-11)
  102. [Running] com.softraid.softraidd.plist (SoftRAID LLC - installed 2018-03-11)
  103. [Not Loaded] org.freedesktop.dbus-system.plist (? e1cd8f49 - installed 2017-12-24)
  104. [Not Loaded] com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2018-03-14)
  105. [Loaded] org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2016-10-26)
  106. [Not Loaded] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-03-14)
  107. [Loaded] com.barebones.authd.plist (Bare Bones Software, Inc. - installed 2018-03-11)
  108. [Running] org.pqrs.karabiner.karabiner_grabber.plist (Fumihiko Takayama - installed 2018-03-10)
  109. [Not Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-03-14)
  110. [Loaded] com.corecode.UninstallPKGDeleteHelper.plist (CoreCode Limited - installed 2018-03-11)
  111. User Launch Agents:
  112. [Not Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-03)
  113. [Not Loaded] org.virtualbox.vboxwebsrv.plist (? 0 - installed 2018-02-26)
  114. [Not Loaded] com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2018-03-13)
  115. User Login Items:
  116. iTunesHelper Application (Apple, Inc. - installed 2018-03-11)
  117. (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
  118. (/Applications/DiskWarrior.app/Contents/Helpers/DiskWarriorStarter.app)
  119. Find Any File Hotkey Application (Thomas Tempelmann - installed 2018-03-11)
  120. (/Applications/Find Any File.app/Contents/Library/LoginItems/Find Any File Hotkey.app)
  121. handyPrintUserDaemon Application (Bernard Maltais - installed 2016-11-23)
  122. (/Applications/handyPrint.app/Contents/Library/LoginItems/handyPrintUserDaemon.app)
  123. (/Applications/BetterTouchTool.app)
  124. Helper SMLoginItem (SweetP Productions, Inc. - installed 2018-03-04)
  125. (/Applications/Cookie.app/Contents/Library/LoginItems/Helper.app)
  126. LingonXAgent SMLoginItem (Peter Borg Apps AB - installed 2018-03-11)
  127. (/Applications/Lingon X.app/Contents/Library/LoginItems/LingonXAgent.app)
  128. ShiftyHelper SMLoginItem (Nate Thompson - installed 2018-01-10)
  129. (/Applications/Shifty.app/Contents/Library/LoginItems/ShiftyHelper.app)
  130. Internet Plug-ins:
  131. AdobePDFViewerNPAPI: 17.012.20098 (installed 2018-03-13)
  132. AdobePDFViewer: 18.011.20038 (installed 2018-03-13)
  133. AdobeAAMDetect: 3.0.0.0 (installed 2018-03-13)
  134. Safari Extensions:
  135. Ghostery.safariextz - GHOSTERY, Inc. - https://www.ghostery.com/ (installed 2018-03-11)
  136. Omnikey.safariextz - Mario Estrada - http://marioestrada.github.com/safari-omnikey/ (installed 2018-03-11)
  137. Tampermonkey.safariextz - Jan Biniok - http://tampermonkey.net (installed 2018-03-11)
  138. Time Machine:
  139. Process (count) Source % of CPU
  140. Terminal Apple 2
  141. kernel_task Apple 1
  142. Process (count) Source RAM usage
  143. Safari (2) Apple 441 MB
  144. Little Snitch Network Monitor (2) Objective Development Software GmbH 391 MB
  145. mdworker (17) Apple 359 MB
  146. Top Processes by Network Use:
  147. com.apple.WebKit.Networking Apple 1 MB 19 KB
  148. apsd Apple 54 KB 33 KB
  149. netbiosd Apple 1 KB 354 B
  150. Top Processes by Energy Use:
  151. WindowServer Apple 2
  152. Terminal Apple 1
  153. Little Snitch Network Monitor (2) Objective Development Software GmbH 0
  154. com.apple.appkit.xpc.openAndSavePanelService (3) Apple 0
  155. Virtual Memory Information:
  156. Free RAM 12.72 GB
  157. Cached files 10.84 GB
  158. Name Version Install Date
  159. Deliveries 3.0.7 2018-03-11
  160. FileBot 4.7.19 2018-03-13
  161. Oracle VM VirtualBox 5.2.8 2018-03-13
  162. Diagnostics Information (past 7 days):
  163. 2018-03-14 00:37:42 Last Shutdown Cause: -20 - Unknown (once)
  164. *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NSTaggedPointerString unsignedIntegerValue]: unrecognized selector sent to instance 0x3015'
  165. terminating with uncaught exception of type NSException
  166. 2018-03-13 22:52:26 cloudd Crash (once)
  167. *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Path /Users/USER/Library/Caches/*/MMCS deleted/renamed, crashing.'
  168. terminating with uncaught exception of type NSException
  169. 2018-03-13 21:07:39 MEGAsync.app Crash (once)
  170. 2018-03-13 20:58:30 Adobe Premiere Pro CC 2018.app Crash (once)
  171. 2018-03-12 23:31:46 SpyderCheckr_1.2.2_Installer.app CPU (once)
  172. 2018-03-12 19:32:17 com.apple.WebKit.WebContent Crash (once)
  173. BrowserBundleController
  174. 2018-03-11 05:38:59 installd CPU (once)
  175. End of report

Snitchery

Little Snitch rule set(s)

Installation:

  1. Open the Little Snitch config
  2. Place hot_pocket in wave: do
  3. cook on high for 2.5 min
  4. click import rules (where applicable i.e. 'all over')

Theory / Mechanics / General Thoughts

Little Snitch has some really amazing features, namely auto profile switching for different networks.

I always begin with setting a 'deny connections' for everything, then, allowing what I need. It took me a long time to figure this part out. Precision auto tune estimator. This will save you from having a pop up every goddamn second when you fire this baby up.

When you import these rules you'll most certainly have applications that I don't, and vice versa. You will see this expressed in the appropriate menu on the left side of the Little Snitch config.

This set is nowhere near finished but it's a great starting point for someone to 'train' their own firewall. My general 'rule of thumb' (sorry ladies) has been to adhere to the rule of least permissions. This is great in theory, but unfortunately in the real world it becomes extremely annoying to approve rules on a domain-by-domain basis. So, I have been training the snitch via port and protocol and not the full-on, super annoying, domain-based rules.

Rules and Profiles

Profiles:

  • Home: Obviously, home network with very permissive rules.
  • Hotspot: This one is a work in progress as I rarely use 'hotspots'.
  • iPoop (iPhone): This is similar to the Hotspot but should be used with a 'trusted device'.
  • Public: Super strict ruleset for public networks.
  • Public +: Similar to Public but a bit more permissive in order to get work done.
  • Vadded (VPN): I used Mullvad as my preferred VPN provider for a long time. Now, I configure my own VPNs through DigitalOcean. The idea is the same either way: because of encryption, we can use this as the permissive set.

Rules:

  • Effective in all profiles: Only the default system bits and VPN connectivity.

  • Home

  • accountsd (443)

  • Addressbook (443)

  • Adobe desktop service (DENY) (I HATE THE AMOUNT OF ADOBE BS.)

  • AGS (see above)

  • Airplay (7000)

  • AKD (443)

  • Alfred (443)

  • Atom (443)

  • Calendar Agent (443)

  • Clip Menu (DENY)

  • CloudD (443)

  • com.geod (80, 443) (For device tracking)

  • Safe Browsing (443)

  • Contacts (443)

  • Core Sync (Adobe) (DENY)

  • Creative Cloud (443)

  • Docker (443)

  • Firefox (ANY)

  • Gamed (DENY) (I fucking hate gamed!)

  • Google Update (DENY) (I prefer to do this manually)

  • helpd (DENY) (I Google anyway)

  • imagent (5523) (This is for messages to work)

  • iStat Menus (443)

  • iTerm2 (ALLOW ALL)

  • iTunes (443)

  • ksfetch (DENY) (This is for Google update and I have no faith in Google. Again, manually take care of updates. Also, when / if you use Chrome it will tell you there are updates anyway.)

  • Little Snitch Update (443)

  • locationd (443) (This is for Find My Mac to work. I always keep this enabled for all profiles because if my laptop is ever stolen, I'd hate to have Little Snitch block me from finding it! (This HAS happened to me!))

  • Mail (443, 585, 143, 993, 465)

  • mapspushd (443 to domain: apple)

  • MEGAclient (ANY)

  • Messages (DENY 80, ALLOW 443)

  • nbagent (ANY) (This is for NETBIOS and the Bonjour service as far as I have read.. I need to play with this one a bit more)

  • node (ANOTHER ADOBE BS.. DENY)

  • node (for creative cloud allow 443)

  • nsurlsessiond (ANY) (This is for proper name server addressing. I need to investigate this one as well)

  • OPENVPN (ALLOW ANY) (both user processes and system)

  • photolibraryd (DENY) (I don't use the photo cloud BS.. so.. deny.)

  • Photos Agent (443) (as far as I can tell, this one is just for photo app updates and the like.)

  • Safari (ANY)

  • Slack (443)

  • SoftwareUpdateD (DENY) (I need to revisit this one)

  • Spectacle (443) (another one I need to revisit)

  • Stocks (443)

  • Store Accountsd (ANY)

  • Store Assets D (443)

  • Thunderbird (DENY 80, ALLOW mail protocol ports only)

  • Transmission (DENY) (We don't want un-encrypted torrents on our home network do we?)

  • Unity (443)

  • User event agent (80) (revisit)

  • Weather (443 to apple only)
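
A simplified model of the default-deny, port-based approach described under Theory / Mechanics, as an added example that is not part of this rule set or of Little Snitch itself: it parses the `Name (ports)` notation used in the list above and decides whether a connection would pass. The function names, the sample entries and the matching semantics are assumptions made for illustration.

```python
import re

# Constructed sample: a few entries in the notation of the Home list above.
HOME_RULES = """\
accountsd (443)
com.geod (80, 443)
Gamed (DENY)
Firefox (ANY)
Mail (443, 585, 143, 993, 465)
Messages (DENY 80, ALLOW 443)
"""

def parse_rules(text):
    """Map process name -> (allowed_ports, allow_any) from 'Name (spec)' lines."""
    rules = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*\((.*?)\)", line)
        if not m:
            continue
        name, spec = m.group(1).lower(), m.group(2).upper()
        allowed, allow_any = set(), False
        for part in (p.strip() for p in spec.split(",")):
            ports = {int(n) for n in re.findall(r"\d+", part)}
            if part.startswith("DENY"):
                allowed -= ports          # explicit deny; bare DENY allows nothing
            elif part in ("ANY", "ALLOW ALL", "ALLOW ANY"):
                allow_any = True          # port-unrestricted rule
            else:
                allowed |= ports          # "443" or "ALLOW 443"
        rules[name] = (allowed, allow_any)
    return rules

def decide(rules, process, port):
    """Default deny: only a matching allow entry lets the connection through."""
    allowed, allow_any = rules.get(process.lower(), (set(), False))
    return "allow" if allow_any or port in allowed else "deny"

def broad_rules(rules):
    """Processes allowed on any port: the least-privilege exceptions to review."""
    return sorted(name for name, (_, allow_any) in rules.items() if allow_any)

if __name__ == "__main__":
    rules = parse_rules(HOME_RULES)
    for proc, port in [("accountsd", 443), ("accountsd", 80), ("unknownd", 443)]:
        print(proc, port, decide(rules, proc, port))
    print("review:", broad_rules(rules))
```

Running `broad_rules` over a full profile gives the short list of entries, such as the `(ANY)` ones above, that trade least privilege for convenience and deserve a second look on stricter profiles.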