November 12th, 2002, 07:41 PM
#1
Member
Nmap and fwall experts?
Just a quick question which some people might find easy.

When I'm scanning with nmap, from time to time I get a response saying filtered response, which as you know probably means that the port is being blocked by a firewall. By using techniques like idle scanning using hping or nmap, or using source port scanning, you can trick the firewall to allow your scan through it from time to time, if the firewall doesn't keep state for example.

My question though is, if you do those techniques and discover that the services are actually running, what good is it to me if the latest exploit can't reach those ports behind the firewall (because of the filtering) which idle scanning has shown me to be running?

Basically, why use these very cool techniques to see what services are running behind the firewall if you can't get at them afterwards?

Maybe a tool to source port your exploit to get through the firewall and then attack any numbered port you want beyond the firewall?

Be very interested in your responses.

Thanks
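The post's remark about a firewall that "doesn't keep state" can be illustrated from the defender's side with the added example below, which is not part of the original post: a small Python model comparing a stateless rule that admits inbound packets by source port with a stateful filter that admits only replies to recorded outbound flows. The addresses, ports, rule set and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


# Constructed stateless rule: treat anything "from port 53" as a DNS reply.
TRUSTED_SOURCE_PORTS = {53}


def stateless_allows(pkt):
    """Stateless check: the decision uses only fields of this one packet."""
    return pkt.sport in TRUSTED_SOURCE_PORTS


class StatefulFilter:
    """Records outbound flows; inbound passes only as the mirror of one."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allows(self, pkt):
        # An inbound reply has source and destination swapped.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def demo():
    fw = StatefulFilter()
    # Constructed traffic: an internal host queries its resolver.
    fw.outbound(Packet("10.0.0.5", 40000, "192.0.2.53", 53))
    inbound = [
        Packet("192.0.2.53", 53, "10.0.0.5", 40000),     # genuine reply
        Packet("198.51.100.7", 53, "10.0.0.5", 111),     # unsolicited, sport 53
        Packet("198.51.100.7", 40001, "10.0.0.5", 111),  # unsolicited, other port
    ]
    # One (stateless verdict, stateful verdict) pair per inbound packet.
    return [(stateless_allows(p), fw.inbound_allows(p)) for p in inbound]


if __name__ == "__main__":
    for verdicts in demo():
        print(verdicts)
```

The second packet is the case that matters for rule review: the stateless rule passes it on source port alone, while the stateful filter drops it because no outbound flow matches.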