Uncertainty about interpreting messages from Little Snitch
August 27, 2011 1:21 PM Subscribe
OSX security question from a total noob, involving uncertainty about interpreting messages from Little Snitch.
The Little Snitch Network Monitor was telling me that nmblookup, smbclient, and mDNSResponder were connecting to Malefirstname-PC.local, Malefirstname-iPad.local, and malefirstname-ipad.local. Just noticed this for the first time when I woke my computer from sleep 15 minutes ago -- I moused over the Network Monitor because it seemed like there was a lot of activity on there. As I started up Firefox and tried to figure out the significance of this, the connections kept occurring at not-incredibly-distant intervals until I blocked them through Little Snitch.
There are two other people who use my network, a girl and a boy. I don't know the latter's name and he just started using the network a couple weeks ago; I figure this could be his stuff, although I wonder why I wouldn't have noticed it before on Network Monitor (could just be that I don't look at Network Monitor too often -- is there a way to view Network Monitor logs?).
Anyway, just wondering whether this seems normal, or whether I have something to be worried about. Sorry if I've been vague or left out important details, will be happy to post clarification/more info as needed.
The Little Snitch Network Monitor was telling me that nmblookup, smbclient, and mDNSResponder were connecting to Malefirstname-PC.local, Malefirstname-iPad.local, and malefirstname-ipad.local. Just noticed this for the first time when I woke my computer from sleep 15 minutes ago -- I moused over the Network Monitor because it seemed like there was a lot of activity on there. As I started up Firefox and tried to figure out the significance of this, the connections kept occurring at not-incredibly-distant intervals until I blocked them through Little Snitch.
There are two other people who use my network, a girl and a boy. I don't know the latter's name and he just started using the network a couple weeks ago; I figure this could be his stuff, although I wonder why I wouldn't have noticed it before on Network Monitor (could just be that I don't look at Network Monitor too often -- is there a way to view Network Monitor logs?).
Anyway, just wondering whether this seems normal, or whether I have something to be worried about. Sorry if I've been vague or left out important details, will be happy to post clarification/more info as needed.
The security concern here is that you have someone you don't know the name of using your network. If there's a logical reason for this carry on, but I have mine locked down well enough that I know the devices and people that access it.
posted by cjorgensen at 4:11 PM on August 27, 2011
posted by cjorgensen at 4:11 PM on August 27, 2011
This thread is closed to new comments.
nmblookup and smbclient: the way OS X talks to Windows computers or computers with Windows style shares. If you want to connect to Windows shares you'll have to unblock this.
mDNSResponder: the way OS X discovers what other machines are on your network, what their names are, and what services they offer. If you want to connect to other OS X machines, or some network devices (network attached storage, printers) you'll have to unblock this.
What triggered these? From your side, anything you might have done that triggered a network browse event. For example, clicking on the Finder/Open/Save sidebar item "Bonjour computers" would have caused these three programs to ask the network what else is out there.
Or maybe a network transition (turning on wireless, switching to ethernet, etc). Or it could have been just a scheduled update of other things on the network.
From the other side, anything your friends did to trigger a network browse even could have woken up these programs and caused them to respond. For example, a friend clicking on their OS X Finder/Save/Open sidebar item "Bonjour computers". Or a friend in Windows clicking on the "Network Places" icon. Or a new printer or network attached storage device being activated.
There are an unlimited number of reasons for these programs to be talking on the network. Keep up with patches and you'll be safe.
posted by sbutler at 1:43 PM on August 27, 2011 [1 favorite]