To block NetBIOS and related Windows networking traffic from traversing a firewall (especially from external sources), you should block the following ports:
Port 135 (TCP/UDP): Microsoft RPC endpoint mapper (DCOM/RPC)
Port 139 (TCP): NetBIOS Session Service
Port 445 (TCP): Direct-hosted SMB over TCP/IP (Windows 2000+)
These ports are commonly used for:
File sharing
RPC-based communication
Windows network services
From CEH v13 Official Courseware:
Module 3: Scanning Networks
Module 4: Enumeration
CEH v13 Study Guide states:
“To prevent external enumeration, remote file sharing, and NetBIOS attacks, administrators should block inbound access to ports 135, 139, and 445 on the firewall.”
Incorrect Options:
A (110): POP3 mail service
D (161): SNMP
F (1024): High ephemeral port; not specific to NetBIOS
[Reference:CEH v13 Study Guide – Module 4: Enumeration → NetBIOS Enumeration PreventionMicrosoft Security Best Practices – Block SMB Ports (135–139, 445), ==================================================================, , ]
