GEN:SID 1:530
Message NETBIOS NT NULL session
Summary This event is generated when an attacker sends a blank username and blank password in an attempt to connect to the IPC$ (Interprocess Communication) pipe.
Impact Information gathering. This attack can permit the disclosure of sensitive information about the target host.
Detailed Information Null sessions allow browsing of Windows hosts by the "Network Neighborhood" and other functions.  A Null session permits access to a host using a blank user name and password.  At attacker may attempt to perform a Null session connection, disclosing sensitive information about the target host such as available shares and user names.
Affected Systems Microsoft Windows hosts
Attack Scenarios An attacker can send a blank username and blank password to try to connect to the IPC$ hidden share on the target computer.
Ease of Attack Simple.
Corrective Action On Windows NT, 2000, XP set the registry key /System/CurrentControlSet/Control/LSA/RestrictAnonymous value to 1.
Additional References Arachnids
http://www.whitehats.com/info/IDS204

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0519
Rule References arachnids: 204
bugtraq: 1163
cve: 2000-0347