Should I block incoming connections from "netbiosd"?
My (application) firewall settings are configured to block incoming connections from netbiosd
. I don't recall setting this myself, and wonder what the consequences are.
What are the consequences of blocking incoming connections for netbiosd
? If I generally block incoming connections as a precaution, should I block netbiosd
as well?
netbiosd is responsible for interacting with NetBIOS networks. NetBIOS is Microsoft's networking service.
If you block incoming netbiosd connections then you will not be able to share drives over netbios which is the simplest way to share data to Windows machines.
If you generally block incoming connections as a precaution the you should block anything until you actually need it, that is until something breaks. So yes block netbiosd to begin with.
NetBIOS is legacy for decades. Before IP became more or less the standard layer 3 network protocol also in home/company networks, other protocols were directly used on top of layer 2 networks (layer 2 means Ethernet, Token Ring, etc.) One of them was NetBIOS, created by IBM in 1983 and it became very popular as Microsoft decided to use it for Windows. Another popular one was IPX, created by Xerox in the late 80s, which became very popular as Novell used it in their NetWare operating system.
Later on that protocol was split into two parts: NetBUI and NetBIOS. NetBUI was the low level part, that allowed NetBIOS to run directly on top of layer 2, whereas NetBIOS was on a higher level and thus could now also be used on top of the IP protocol stack, since IP more and more replaced all other layer 3 protocols. That way Microsoft could continue to use NetBIOS, even though IP became the new standard layer 3 protocol in Windows.
NetBIOS implements three things:
- Name resolution, comparable to DNS (or rather mDNS)
- Datagram service, communication comparable to UDP
- Session service, communication comparable to TCP
Today it is mainly used by Windows for name resolution and service discovery, comparable to DNS-SD on macOS/Linux (Apple calls it Bonjour), SSDP (the discovery protocol of UPnP), or SLP (which is mainly used for discovering network printers today). It's only used as a communication protocol when trying to connect to a very old Windows machine, where protocols like SMB would still run on top of NetBIOS (today they run on top of TCP/IP).
NetBIOS is very inefficient in larger networks as it works with broadcasts and it produces a lot of broadcast traffic; there are companies where 30% of all network traffic on the LAN are NetBIOS broadcasts. SSDP and DNS-SD are more efficient, as they use multicast instead of broadcasts and try to limit the amount of announcements to a reasonable level. DNS-SD even uses service caching which can further reduce the amount of multicast traffic dramatically. IMHO DNS-SD is the best discovery protocol in use, it's the discovery protocol of ZeroConf, which is widely supported by Linux systems and also by macOS (Apple calls it Bonjour but that's just the name of Apples ZeroConf implementation).
Blocking netbiosd is safe, it will only prevent your Mac from announcing services via NetBIOS broadcasts and it will prevent your system from receiving NetBIOS broadcasts. This has two consequences:
-
Windows machines will not "see" your computer on the LAN. If you share directories of your Mac, this will not be known by Windows computers. However, they can still access them if required. They will only need to know your IP address and when opening
\\<YourIP>\
, they get a list of available shares or they can directly connect to a share using\\<YourIP>\<ShareName>
(of course only after successful authentication). -
Your Mac won't be able to "see" Windows machines in the LAN that only announce their shares via NetBIOS. You can still access such shares if you know their IP address. Therefor you open Finder, select
Go > Connect to Server...
(or CMD+K) and entersmb://<IP>
orsmb://<IP>/<ShareName>
. Newer Windows machines, that also announce their shares via SSDP are seen by macOS, since Bonjour also understands SSDP multicasts.