Which of the following is NOT a common weakness of packet filtering firewalls?

A.
Vulnerability to denial-of-service and related attacks.

B.
Vulnerability to IP spoofing.

C.
Limited logging functionality.

D.
No support for advanced user authentication schemes.

Explanation:
Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and
blocking packets with conflicting source address information (packets from outside the network that showsource addresses from inside the network and vice-versa).
Incorrect Answers:
A: Packet filtering firewalls, as they are stateless, are vulnerable to denial-of-service attacks. A stateful firewall
would be able to handle these attacks better.
C: Logging is no problem when using packet filtering firewalls.
D: Packet filter gateways cannot ensure strong user authentication.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630