312-50V11 · Question #629
Why would an attacker want to perform a scan on port 137?
The correct answer is D. To discover information about a target host using NBTSTAT. Port 137 is the NetBIOS Name Service port, which attackers scan to enumerate host information using tools like NBTSTAT.
Question
Why would an attacker want to perform a scan on port 137?
Options
- ATo discover proxy servers on a network
- BTo disrupt the NetBIOS SMB service on the target host
- CTo check for file and print sharing on Windows systems
- DTo discover information about a target host using NBTSTAT
How the community answered
(16 responses)- C6% (1)
- D94% (15)
Why each option
Port 137 is the NetBIOS Name Service port, which attackers scan to enumerate host information using tools like NBTSTAT.
Proxy servers listen on ports such as 8080 or 3128, not port 137, which is exclusively associated with NetBIOS Name Service.
Scanning a port is a passive reconnaissance activity and does not disrupt or attack the service listening on that port.
File and print sharing relies on ports 139 and 445 (SMB/CIFS), not port 137, which is limited to NetBIOS name resolution.
Port 137 runs the NetBIOS Name Service (NBNS), and the NBTSTAT utility queries this port to retrieve details such as NetBIOS name table, MAC address, and logged-in usernames from a remote host. This makes it a high-value reconnaissance target, allowing attackers to map hostnames and services without needing credentials.
Concept tested: NetBIOS Name Service port 137 reconnaissance
Source: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat
Topics
Community Discussion
No community discussion yet for this question.