nerdexam
Exams312-50V11Questions#652
EC-Council

312-50V11 · Question #652

312-50V11 Question #652: Real Exam Question with Answer & Explanation

The correct answer is D: 139 and 445. Null sessions on Windows NT/2000 systems operate over NetBIOS and SMB, requiring TCP/UDP ports 139 and 445 to be filtered to block unauthenticated IPC$ connections.

Enumeration

Question

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options

  • A137 and 139
  • B137 and 443
  • C139 and 443
  • D139 and 445

Explanation

Null sessions on Windows NT/2000 systems operate over NetBIOS and SMB, requiring TCP/UDP ports 139 and 445 to be filtered to block unauthenticated IPC$ connections.

Common mistakes.

  • A. Port 137 is the NetBIOS Name Service used for name resolution queries, not for establishing session-layer null session connections; it is not sufficient to filter alongside 139.
  • B. Port 443 is HTTPS and is entirely unrelated to NetBIOS or SMB null session traffic.
  • C. Port 443 (HTTPS) plays no role in null session attacks; the correct pairing is 139 (NetBIOS Session Service) and 445 (SMB).

Concept tested. Null session ports filtering on Windows networks

Reference. https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/prevent-null-session-connections-to-ipc-share

Topics

#null session#NetBIOS#SMB#port 445

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V11 Practice
Null sessions are un-authenticated connections (not using a... | 312-50V11 Q#652 Answer | NerdExam