Which ports must be filtered to check for null sessions on a network?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Which ports must be filtered to check for null sessions on a network?

Explanation:
Null sessions are unauthenticated connections to Windows network resources using SMB/NetBIOS. The NetBIOS services that handle these connections historically run on specific ports: 137 for NetBIOS Name Service and 139 for NetBIOS Session Service. If a system allows anonymous connections on these ports, an attacker can enumerate shares, users, and other information without credentials. To check for this vulnerability or to protect against it, you test or enforce rules on these NetBIOS ports. Blocking or filtering inbound traffic on 137 and 139 prevents null-session connections, which is why these two ports are the ones you focus on. The other port pairs are for FTP, web traffic, or SQL Server and are not related to null-session enumeration.

Null sessions are unauthenticated connections to Windows network resources using SMB/NetBIOS. The NetBIOS services that handle these connections historically run on specific ports: 137 for NetBIOS Name Service and 139 for NetBIOS Session Service. If a system allows anonymous connections on these ports, an attacker can enumerate shares, users, and other information without credentials. To check for this vulnerability or to protect against it, you test or enforce rules on these NetBIOS ports. Blocking or filtering inbound traffic on 137 and 139 prevents null-session connections, which is why these two ports are the ones you focus on. The other port pairs are for FTP, web traffic, or SQL Server and are not related to null-session enumeration.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy