Why would an attacker want to perform a scan on port 137?

Why would an attacker want to perform a scan on port 137?

Why would an attacker want to perform a scan on port 137?

A.
To discover proxy servers on a network

B.
To disrupt the NetBIOS SMB service on the target host

C.
To check for file and print sharing on Windows systems

D.
To discover information about a target host using NBTSTAT

Explanation:
Microsoft encapsulates netbios information within TCP/Ip using ports 135-139. It is trivial for an attacker to issue the following command:

nbtstat -A (your Ip address)

from their windows machine and collect information about your windows machine (if you are not blocking traffic to port 137 at your borders).



Leave a Reply 0

Your email address will not be published. Required fields are marked *