The presentation examines the suitability of stateful packet filters as a security measure in university and research lab networks: First a brief examination of the issues: Network security requirements of research users and science projects Scalability of stateful packet filtering in multi-10Gbps contexts Examples of the CAPEX cost to deploy 10Gbps-capable hardware firewalls Then, some alternative approaches are investigated: A brief review of dissenting voices of the past (eg: "Three Myths of Firewalls"") Alternative approaches being taken in the present, such as: Stateless packet filtering (ACL filters on university border routers, ESNet\'s Science DMZ concept) Scalable intrusion prevention (BRO IDS cluster at University of Utah) Hybrid stateful/stateless systems (trusted flow bypass - eg Cisco TFA) Finally some analysis of the above alternative approaches is presented including their benefits over expensive box dropping, and the new risks they expose.