Sean thanks I just reread XP sp2 details and your right sp2 starts the
firewall SOONER during boot (like before it starts
most network services 
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnwx
p/html/securityinxpsp2.asp
Boot time security. In earlier versions of Windows there is a window of
time between when the network stack started and when ICF provided
protection. Consequently, a packet could have been received and
delivered to a service without ICF filtering it, potentially exposing
the computer to vulnerabilities. In SP2, the firewall driver has a
static rule called a boot-time policy to perform stateful filtering.
This will allow the computer to perform basic networking tasks such as
DNS and DHCP and communicate with a Domain Controller to obtain policy.
Once the firewall service is running, it will load and apply the
run-time ICF policy and remove the boot-time filters. This change should
increase system security without affecting applications.
Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2