Those are normal in a Windows network. Many processes are done without authenticating
[null session] using an account/password. Processes such as the browse service,
changing passwords on downlevel clients, NT4 ras servers, intraforest trusts, and
others. You would have to spend a lot of time with Netmon to find more info on these
events. I would not be too concerned about them if your network is properly secured
with a firewall and good password/account policies. Null sessions can be exploited to
extract user, groups, and share information. If you see unusual amounts of logon
failures from known user accounts, that may tip you off to that happening which can
also happen from inside the network where at least you will know what machine the
attempts are coming from. --- Steve
http://support.microsoft.com/?kbid=246261 -- description of anonymous account uses.