There is only one question / answer that I could find related to QID 34011 - "QID 34011 - How does QualysGuard detect Firewalls? ".
I question the statement "When there is no firewall between the scanner and the target host, all TCP packets sent by the scanner to the target host should trigger a reply packet from the target host.". If I remember my TCP basics, a reply will ONLY be generated if there is actually a service listening on any given port. So a box with zero services running / no ports exposed (yea, I know...) would not generate any responses.
What is the actual full list of ports that are "tickled" to make the firewall / no firewall determination? I see the statement in results of the QID -
"Some of the ports filtered by the firewall are: 20, 21, 23, 25, 53, 80, 111, 135, 443, 445."
Is this list complete for the FW determination? (odd, that 22 is not in the list above...)
Thank you in advance for your assistance...