What is the purpose of filtering ports 137 and 139?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What is the purpose of filtering ports 137 and 139?

Explanation:
NetBIOS over TCP/IP uses ports 137 and 139 to support Windows network file sharing and name resolution. If these ports are open, an attacker can establish null sessions—anonymous connections to a Windows host that allow enumeration of usernames, shares, and other information. Filtering these ports blocks those unauthenticated connections, reducing the risk of information disclosure and reconnaissance. This is why the best answer is to prevent unauthorized null sessions on the network. Web traffic and remote desktop use different ports (like 80/443 for web and 3389 for RDP), so blocking 137 and 139 specifically targets the SMB/NetBIOS exposure.

