nerdexam
EC-Council

312-50V10 · Question #652

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

The correct answer is D. 139 and 445. Null sessions exploit unauthenticated SMB and NetBIOS connections, requiring ports 139 and 445 to be filtered to block them.

Enumeration

Question

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options

  • A137 and 139
  • B137 and 443
  • C139 and 443
  • D139 and 445

How the community answered

(33 responses)
  • A
    3% (1)
  • C
    6% (2)
  • D
    91% (30)

Why each option

Null sessions exploit unauthenticated SMB and NetBIOS connections, requiring ports 139 and 445 to be filtered to block them.

A137 and 139

Port 137 is the NetBIOS Name Service used only for hostname resolution, not for establishing session-level null connections - the correct second port is 445, not 137.

B137 and 443

Port 443 is HTTPS and has no relationship to NetBIOS or SMB null sessions, making this combination entirely incorrect.

C139 and 443

While port 139 is correct, port 443 is HTTPS and is unrelated to null sessions - the correct pairing is 139 and 445 (SMB over TCP).

D139 and 445Correct

Null sessions are unauthenticated connections established over NetBIOS Session Service (TCP port 139) and SMB directly over TCP (port 445), both allowing anonymous IPC$ connections on Windows NT/2000 systems. Filtering both ports prevents attackers from enumerating users, shares, and system policies without credentials.

Concept tested: Null session ports NetBIOS SMB filtering

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/direct-hosting-of-smb-over-tcpip

Topics

#null session#NetBIOS#SMB#port filtering

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice