"Filters the traffic coming across it dynamically, an architecture known as stateful packet inspection (SPI) or dynamic packet filtering. It allows for packets of data to be inspected more thoroughly than stateless firewalls, which can only monitor traffic based on static values, such as the address where the packet originated. Stateful firewalls are used when security is preferred over speed"
I ran a scan against a host externally using a third-party product and it came back with ports TCP:5190 and TCP:1863 as being vulnerable. After looking into it further, on the targets these services were not running and/or listening on those ports. So I looked at the ruleset on the firewall and there is nothing referring to any of these ports. So I began researching the issue and these are stateful firewalls (Cisco ASA 5500 and Juniper SSG).
So would this be the reason that when running a scan against an SPI firewall, you would see all ports as being filtered and only the ones that have been specified as being closed ("Drop") or opened ("Forwarded or Open") as being rules specifically specified in the ruleset? If that is the case, then why are there only certain services responding to ports? I am confused.
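
The difference drawn in the quoted definition, as an added example that is not part of the original post: a toy stateless filter beside a toy stateful one, run over constructed packets. The connection tracking is simplified and is not how the Cisco ASA or Juniper SSG implement it; the ruleset, addresses and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOWED_PORTS = {443}  # constructed ruleset: one permitted inbound service


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this packet, e.g. {"SYN"}


def stateless_allow(pkt: Packet) -> bool:
    """Static filter: looks only at fixed header values (here, the port)."""
    return pkt.dport in ALLOWED_PORTS


class StatefulFilter:
    """Toy connection tracker: a packet passes only if it opens a permitted
    connection or belongs to one that is already in the state table."""

    def __init__(self, allowed_ports):
        self.allowed = set(allowed_ports)
        self.table = set()  # tracked flows, keyed as seen from the initiator

    def allow(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        flow = fwd if fwd in self.table else rev if rev in self.table else None
        if flow is not None:
            if "RST" in pkt.flags:
                self.table.discard(flow)  # connection torn down
            return True
        # No state yet: only a bare SYN to a permitted port may create it.
        if pkt.flags == frozenset({"SYN"}) and pkt.dport in self.allowed:
            self.table.add(fwd)
            return True
        return False


def pkt(src, sport, dst, dport, *flags):
    """Helper to build a constructed sample packet."""
    return Packet(src, sport, dst, dport, frozenset(flags))
```

A packet aimed at a permitted port passes the static check regardless of context, while the stateful filter also requires it to fit a connection it has already seen being opened.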