use any free firewall and make a rule to block incoming connection to ports 135-139,445,1025-1026,500 Tcp as well as udp ( all udp not needed but this ports are of no use anyway) from sify network ..if u dont want to run firewall(if u find it annoying) then start-->run-->secpol.msc and make new policy in ip security policies to block icmp ( if u want to ) as weelll as above ports and u will be safe enough if u dont run any server programs.......best thing about ipsec is it doesnt use any extra memory bcoz its service is already kept running even if u dont enable it ( u can disable of u want) . This is good for less config pc's for win2k Disable $ sharesDisable DCOMDisable NETBIOSDisable netbios name exposingthis arent needed if u block above ports anyway