Hi!
Reading through security blogs I found a rather interesting article regarding current generation firewalls. Since ROS is equipped with stateful firewall it may be also vulnerable.
Article is published at http://www.cynet.com/blog/, but looking at the link it may change so I made a screenshot: http://i.imgur.com/WN98i5F.png
Could someone from MikroTik comment on that?