Title: Network (In)Security Through IP Packet Filtering 
Authors:D. Brent Chapman   
File name:pubdocfirewallsBrent_Chapman_packet_filtering.ps.Z 
File size:52202 bytes 

Abstract: Ever-increasing numbers of IP router
products are offering packet filtering as a tool for improving
network security. Used properly, packet filtering is a useful
tool for he security-conscious network administrator, but its
effective use requires a thorough understanding of its
capabilities and weaknesses, and of the quirks of the particular
protocols that filters are being applied to. This paper examines
the utility of IP packet filtering as a network security measure,
briefly contrasts IP packet filtering to alternative network
security approaches such as application-level gateways, describes
what packet filters might examine in each packet, and describes
the characteristics of common application protocols as they
relate to packet filtering. The paper then identifies and
examines problems common to many current packet
filteringmplementations, shows how these problems can easily
undermine the network administrator's intents and lead to a false
sense of security, and proposes solutions to these problems. 
Finally, the paper concludes that packet filtering is currently a
viable network security mechanism, but that its utility could be
greatly improved with the extensions proposed in the paper.