312-50V10 · Question #652
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?
The correct answer is D. 139 and 445. Null sessions exploit unauthenticated SMB and NetBIOS connections, requiring ports 139 and 445 to be filtered to block them.
Question
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?
Options
- A137 and 139
- B137 and 443
- C139 and 443
- D139 and 445
How the community answered
(33 responses)- A3% (1)
- C6% (2)
- D91% (30)
Why each option
Null sessions exploit unauthenticated SMB and NetBIOS connections, requiring ports 139 and 445 to be filtered to block them.
Port 137 is the NetBIOS Name Service used only for hostname resolution, not for establishing session-level null connections - the correct second port is 445, not 137.
Port 443 is HTTPS and has no relationship to NetBIOS or SMB null sessions, making this combination entirely incorrect.
While port 139 is correct, port 443 is HTTPS and is unrelated to null sessions - the correct pairing is 139 and 445 (SMB over TCP).
Null sessions are unauthenticated connections established over NetBIOS Session Service (TCP port 139) and SMB directly over TCP (port 445), both allowing anonymous IPC$ connections on Windows NT/2000 systems. Filtering both ports prevents attackers from enumerating users, shares, and system policies without credentials.
Concept tested: Null session ports NetBIOS SMB filtering
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/direct-hosting-of-smb-over-tcpip
Topics
Community Discussion
No community discussion yet for this question.