What is a 'firewall sniffer'?
How do they compromise the security of:
- Windows firewall
- Router firewall
- NAT firewall
EDIT: In light of John's answer below, I will rephrase the question:
What are the main risks associated with the above security components? Are firewalls at risk of people using 'network sniffers' or other 'sniffers'?
It's not a real technical term. Remember, you read it in a newspaper, the foremost propagators of misinformation. Most likely what was being referred to are network sniffers. Unless of course that journalist knows someone with a really weird fetish.
Edit (resulting from the question edit)
To the extent that knowledge is power, network sniffers and port scanners (another possible explanation of "firewall sniffer") are indeed a threat, i.e. finding an open port or protocol-based vulnerability is a problem because it presents an attacker with a definite attack vector.
As such tools are commonplace, and most of us use them for various purposes, anyone managing firewall and other security devices must work on the assumption that the "bad guys" also have those tools. One of the more legitimate uses of those tools is in fact testing our own firewalls to determine weaknesses, with the intention of fixing any that may be found. Someone wanting to attack them could reasonably be expected to do likewise.
While John is correct that it is not a security term or technology per se, if you wanted to snoop traffic for nefarious purposes, putting a data tap at the firewall would give you a good view of all interactions with the Internet. Due to the nature of switched networks, there may be no one place to snoop all LAN traffic.
This begs the issue - There is no information security without physical security. No one should be able to install such a data tap, at least not internally on your network, both topologically and physically so close to your firewall.
Note- Sniffer is a trademark of Network General.
Firewalls are an asset and not a liability. Firewalls prevent certain packets from reaching your system. A badly configured firewall, however, can cause some problems. For instance, if you have a firewall that is set to send back a packet to inform of an error, that can be a problem if you were trying to hide your computer. That is trivial, though, considering that without one, the returned packet could have given much more information.
AFAIK it is not possible to tell from the outside what firewall you have on your system. If it is configured properly it can make it hard to get any information about your system. There really is very little to "sniff" for. Mostly, there are tools to try to see what makes it through your firewall or find ways around it, but not the firewall itself.
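For auditing your own firewall, the difference described above between a firewall that sends back an error packet and one that stays silent can be observed from the client side. The following is an added example, not code from any of the posters; the function names `classify_port`, `audit` and `demo` are hypothetical, and the demo uses constructed loopback sockets so it runs offline.

```python
import errno
import socket


def classify_port(host, port, timeout=1.0):
    """Classify how a TCP port answers a connection attempt.

    open     - handshake completed: a service is listening and allowed
    rejected - an error came back, so the host or firewall revealed itself
    filtered - nothing came back before the timeout (silent drop)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "rejected"  # TCP RST or ICMP port unreachable
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # Typically an ICMP unreachable reply from a router or firewall;
        # a missing local route raises the same errors.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "rejected"
        raise
    finally:
        sock.close()


def audit(host, ports, timeout=1.0):
    """Return {port: state} for a host you administer."""
    return {port: classify_port(host, port, timeout) for port in ports}


def demo():
    # Constructed sample: one listening socket and one that is bound but
    # not listening, so the kernel answers the second with a reset.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))
    open_port, closed_port = listener.getsockname()[1], idle.getsockname()[1]
    try:
        return audit("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        listener.close()
        idle.close()
```

A port that reports "filtered" gives an outside observer the least information, which is the hiding behaviour the answer refers to.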
In simple words: 1, 2 and 3 protect the computer only from unwanted incoming connections. Or, in the best case, 1 protects from unwanted outgoing connections. But a sniffer attacks the connections you want to establish or have already established.
Even in a switched network, packets can be intercepted and read, replaced or modified.
Only encryption can protect from a sniffer. But when using open keys you must avoid the "man in the middle" kind of attack. Exchange keys over trusted channels or use key certificates signed by trusted sides.