http://support.microsoft.com/kb/886185
After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet.
This problem occurs because of the way that Windows Firewall interprets local subnets when the ³My network (subnet) only² option is used. Windows Firewall is included with Windows XP SP2.
Because of the way that some dialing software configures routing tables, Windows Firewall in Windows XP SP2 can sometimes interpret the whole Internet to be a local subnet. This can let anyone on the Internet access the Windows Firewall exceptions. When the "My network (subnet) only" option is enabled, it is automatically selected for file and print sharing. Therefore, your shared drives can be unexpectedly revealed on the Internet when you use a dial-up connection.
To resolve this problem, you must download and install the Critical Update for Windows XP (KB886185)
...how many ways can Redmond say "oops?"
Oh, you wanted a firewall. We thought you said firestorm.
Sheesh.