12.9. Packet Filtering with Windows NT
Windows NT supports static packet filtering of IP traffic. Although the capabilities of this filtering are somewhat rudimentary, they can provide some additional security. Because NT uses static packet filters, it cannot maintain state. This means that NT's filters are unable to distinguish between legitimate acknowledgment traffic and possible attacks.
See Chapter 5 for an in-depth discussion of static packet filtering versus dynamic packet filtering.
Windows NT does not allow you to specify the direction of traffic when applying your packet filters. All filtering is done on inbound SYN=1 traffic only. This means that if someone is able to compromise your system, NT's packet filters will be unable ...