nerdexam
EC-Council

312-50V10 · Question #629

Why would an attacker want to perform a scan on port 137?

The correct answer is D. To discover information about a target host using NBTSTAT. Port 137 (NetBIOS Name Service) is scanned to enumerate information about a Windows target, equivalent to what the nbtstat command retrieves.

Scanning Networks

Question

Why would an attacker want to perform a scan on port 137?

Options

  • ATo discover proxy servers on a network
  • BTo disrupt the NetBIOS SMB service on the target host
  • CTo check for file and print sharing on Windows systems
  • DTo discover information about a target host using NBTSTAT

How the community answered

(41 responses)
  • A
    7% (3)
  • B
    2% (1)
  • C
    2% (1)
  • D
    88% (36)

Why each option

Port 137 (NetBIOS Name Service) is scanned to enumerate information about a Windows target, equivalent to what the nbtstat command retrieves.

ATo discover proxy servers on a network

Proxy servers operate on ports such as 8080, 3128, or 1080; port 137 is dedicated exclusively to NetBIOS Name Service and does not indicate the presence of a proxy.

BTo disrupt the NetBIOS SMB service on the target host

Disrupting the NetBIOS SMB service describes a denial-of-service objective, whereas scanning port 137 is a reconnaissance activity aimed at information gathering, not service disruption.

CTo check for file and print sharing on Windows systems

File and print sharing on Windows uses port 445 (SMB direct over TCP) and port 139 (NetBIOS Session Service); port 137 handles only name resolution, not file or print sharing traffic.

DTo discover information about a target host using NBTSTATCorrect

Port 137 (UDP and TCP) hosts the NetBIOS Name Service, and querying it allows an attacker to retrieve the target's NetBIOS name table - including the computer name, logged-on users, domain or workgroup membership, and MAC address - mirroring the output of the Windows nbtstat command. This passive reconnaissance provides valuable mapping data that attackers use to identify roles, users, and network structure before launching further attacks.

Concept tested: NetBIOS Name Service port 137 reconnaissance via NBTSTAT

Source: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat

Topics

#port 137#NetBIOS#NBTSTAT#Windows networking

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice