Stateful inspection engines suffer the same disadvantages as packet filters,
because THEY ARE packet filters.
I would say that (my) single biggest problem with packet filtering is
application-level security (e.g. how can a packet filter differentiate a
sendmail server from a rogue webserver running on port 25? It can't. A proxy
can.) OTOH, packet filters are generally faster, mainly because filtering
decisions are made in the lower levels of the IP stack.
I can't speak from experience, but I've also read stories of state tables
becoming corrupt, usually with interesting consequences.
Christopher Zarcone - Data Communications Design Analyst
Lockheed Martin Enterprise Information Systems
My opinions do not necessarily reflect those of my employer.
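The point above about port 25 can be made concrete: a packet filter sees only "TCP to port 25", while an application-level check can tell whether the thing answering is actually speaking SMTP. The script below is an added example, not code from the original post or from any firewall product. It implements the banner check a proxy could run before relaying a connection: per RFC 5321 an SMTP server speaks first with a "220" greeting, whereas an HTTP server stays silent until the client sends something and then answers with an "HTTP/" status line. The two fake servers, their greeting strings, and the names `classify_banner`, `probe_port` and `start_fake_server` are all constructed for this demonstration; neither fake is real sendmail or a real web server.

```python
import socket
import threading

# Constructed server behaviours for the demo; neither is real sendmail nor a real httpd.
SMTP_GREETING = b"220 mail.example.test ESMTP ready\r\n"
HTTP_REPLY = b"HTTP/1.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def classify_banner(banner: bytes) -> str:
    """Decide what protocol a server speaks from the bytes it sent first.

    RFC 5321: an SMTP server speaks first, with a '220 ' greeting (or '554' to
    refuse service) ending in CRLF. An HTTP server never speaks first, so an
    'HTTP/' status line can only appear after we provoked it with our own bytes.
    """
    if not banner:
        return "silent"
    first_line = banner.split(b"\r\n", 1)[0]
    if first_line.startswith(b"HTTP/"):
        return "http"
    code, sep = first_line[:3], first_line[3:4]
    if code.isdigit() and sep in (b" ", b"-", b""):
        return "smtp" if code in (b"220", b"554") else "smtp-other"
    return "unknown"


def _recv_with_timeout(sock: socket.socket, timeout: float) -> bytes:
    """Read up to 1 KiB; an empty result means timeout or EOF (both 'silent')."""
    sock.settimeout(timeout)
    try:
        return sock.recv(1024)
    except socket.timeout:
        return b""


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Application-level check a proxy could make before relaying to port 25.

    1. Connect and wait for the server to speak (an SMTP greeting).
    2. If it stays silent, send an SMTP EHLO; a web server answers with an
       HTTP status line, which classify_banner recognises as 'http'.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        verdict = classify_banner(_recv_with_timeout(sock, timeout))
        if verdict == "silent":
            sock.sendall(b"EHLO probe.example.test\r\n\r\n")
            verdict = classify_banner(_recv_with_timeout(sock, timeout))
        return verdict


def start_fake_server(greeting: bytes, reply: bytes) -> int:
    """Bind a one-shot server on 127.0.0.1 and return its port (constructed test double).

    A non-empty greeting makes it behave like SMTP (server speaks first). An empty
    greeting makes it wait for the client, like HTTP, and then send `reply`.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def handle():
        conn, _ = listener.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
            else:
                conn.settimeout(5.0)
                try:
                    conn.recv(1024)
                except socket.timeout:
                    pass
                conn.sendall(reply)
        listener.close()

    threading.Thread(target=handle, daemon=True).start()
    return port


if __name__ == "__main__":
    smtp_port = start_fake_server(SMTP_GREETING, b"")
    http_port = start_fake_server(b"", HTTP_REPLY)
    print("port", smtp_port, "->", probe_port("127.0.0.1", smtp_port))  # smtp
    print("port", http_port, "->", probe_port("127.0.0.1", http_port))  # http
```

A packet filter, stateful or not, would pass both connections identically because it only sees the 4-tuple and TCP flags; the proxy-style probe refuses to relay unless the far end greets as SMTP. The same idea extends to any server-speaks-first protocol, and the silent case deliberately includes an active second step because a silent port by itself proves nothing.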
>Date: Wed, 01 Apr 1998 23:27:59 -0500
>From: "Jon E. Price" <jon @
>Subject: socks versus fw-1 stateful inspection vulnerabilities
>Are there any known or theoretical insecurities or vulnerabilities or other
>shortcomings (eg. performance) using socks or the fw-1 stateful inspection