nerdexam
EC-Council

312-50V9 · Question #554

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

The correct answer is D. 139 and 445. Null sessions in Windows environments exploit unauthenticated anonymous connections over NetBIOS and SMB, which operate on ports 139 and 445.

Enumeration

Question

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options

  • A137 and 139
  • B137 and 443
  • C139 and 443
  • D139 and 445

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    5% (2)
  • D
    89% (34)

Why each option

Null sessions in Windows environments exploit unauthenticated anonymous connections over NetBIOS and SMB, which operate on ports 139 and 445.

A137 and 139

Port 137 is the NetBIOS Name Service used for name resolution queries, not for establishing null sessions; null sessions require session-layer ports 139 and 445.

B137 and 443

Port 443 is HTTPS (SSL/TLS web traffic) and has no role in null session establishment; it is unrelated to NetBIOS or SMB communication.

C139 and 443

Port 443 is HTTPS and is unrelated to null sessions; filtering only port 139 is insufficient because modern Windows systems also accept direct SMB connections on port 445.

D139 and 445Correct

Null sessions establish anonymous connections to Windows IPC$ shares using NetBIOS Session Service (TCP port 139) and direct SMB hosting (TCP/UDP port 445). Filtering both ports prevents unauthenticated enumeration of users, groups, password policies, and shares from Windows NT/2000 systems. These two ports are the primary vectors through which null session attacks are conducted.

Concept tested: Windows null session attack vectors and port filtering

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/restrict-null-sessions

Topics

#null sessions#SMB#NetBIOS#port filtering

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice