In general I have incoming connections disabled by my security software (Little Snitch). But even when I do this, on public wifi, I see numerous incoming connections for netbios and mDNSResponder allowed automatically.
For example, at a recent hotel stay, I was confronted with a long list as soon as a logged on to the wifi there (listed as automatically allowed by Little Snitch)
which quickly grew to the thousands
What are these incoming connections for? Why are they being automatically allowed? Are they a security threat?
Note that if I explicitly block all of these connections using Little Snitch, my network access fails, but the network still seems to function when I alternatively block incoming connections using Apple's (OS X 10.9) firewall
and enable stealth mode
Best Answer
netbios
You could block the
netbiosconnections withLittle Snitch. These connections are connections attempt most usually coming from Windows sharing the same Wi-Fi network and testing which share and printers are available on your computer. This protocol behaves like a guy entering a new building and testing all door knobs, when the door opens he asks: What's your name? What do you share? Do you print? This protocol is stupid, and dangerous, but most notably for Windows. This protocol is the leading vector of malware broadcast inside LAN of companies using Windows since more than 20 years (toward the floppies era). This protocol is responsible of the largest security damages within big companies.netbiosis a security threat.On all my Mac I tear off this service (
netbiosd), during the post installation procedure (see: …to disable WINS in Network settings, working on 10.7, 10.8, 10.9).mDNSResponder
You couldn't and shouldn't block the
mDNSResponderbecause you would break the normal working of the DNS on your Mac. I.e. you won't be able to find the IP address ofwww.microsoft.com.mDNSREsponderisn't a security threat (today).Firewall setting
Your method to block connection through the MacOS X firewall is the correct and safe one within any aggresive environment.