You already found out how they hit you, through a NetBIOS null session. Theres really no reason to even have to know how to perform an attack like this to 'further your knowledge,' because even if you do know how they do the attack you still are just going to disable NetBIOS since its the easiest and best solution to the problem.