(Extracted from SANS Top 20 List) A Null Session connection, also known as Anonymous Logon, is a mechanism that allows an anonymous user to retrieve information, such as user names and shares, over the network, or to connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers. On Windows NT and Windows 2000 systems, many local services run under the SYSTEM ID. The SYSTEM account is used for various critical system operations. When one machine needs to retrieve system data (such as available shares, users, etc.) from another, the SYSTEM account will open a null session to the other machine.
(Extracted from SANS Top 20 List) Domain controllers require Null sessions to communicate. Therefore, if you are working in a domain environment, you can minimize the information that attackers can obtain, but you cannot stop all leakage. To limit the information available to attackers, modify the following registry key:
HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymous=1
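One way to audit this value on a host and optionally set it, as an added PowerShell example that is not part of the SANS text. `Test-RestrictAnonymous` is a hypothetical helper name, and the script assumes a missing value should be treated as 0.

```powershell
# Added example: audit (and optionally set) RestrictAnonymous on the local machine.
# Test-RestrictAnonymous is a hypothetical helper name, not a built-in cmdlet.
function Test-RestrictAnonymous {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$Required = 1,   # the value given in the text above
        [switch]$Fix          # write the value when it is missing or lower
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $name = 'RestrictAnonymous'

    # Assumption: a missing value is treated as 0 (no restriction configured).
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { [int]$item.$name } else { 0 }

    # Values above the required one are left alone rather than lowered.
    $compliant = $current -ge $Required
    $changed = $false

    if (-not $compliant -and $Fix) {
        if ($PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $Required")) {
            # Writing under HKLM requires an elevated session.
            Set-ItemProperty -Path $path -Name $name -Value $Required -Type DWord
            $current = $Required
            $compliant = $true
            $changed = $true
        }
    }

    # One object per host, so results can be collected and filtered.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current
        Required  = $Required
        Compliant = $compliant
        Changed   = $changed
    }
}

Test-RestrictAnonymous                  # report only
# Test-RestrictAnonymous -Fix -WhatIf   # preview the change without writing
```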
Because of this vulnerability, Internet users should never be allowed to access any internal domain controller. To stop such access, block the following ports at the external router or firewall:
TCP and UDP 135 through 139 and 445