Microsoft network services, particularly file and print sharing and the computer
browse service [My Network Places] uses the anonymous logon/null session and you can
see quite a few events especially when computers/users are not part of a domain. I
have seen as many as a dozen of those events in less than a minute with pairs of 540
[logon with computer name, but no user] and 538 logoff events when I browse My
Network Places form a remote computer. These events in themselves are not indicative
of hacking attempts. You need not be concerned as long as you have a properly
configured firewall protecting your computer from the internet and are not seeing a
lot of logon failures, particularly from non default accounts in rapid succession
failures - possibly locking that account out. Null sessions can be used to access
user and group names, which is why you want to have a firewall as it would give
hackers a leg up on attacking your network. Using complex passwords and a account
lockout policy of no less than ten lockouts with a ten minute or so lockout duration
will go a long way in protecting your network from outside and inside attacks. See
the link below for more information. --- Steve
http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch05.mspx#XSLTsection156121120120
