[Cyber Command] Situation Awareness detected that Endpoint had port 161 open, but the port was not actually open

Problem Description

Situational Awareness detected that Endpoint open port 161

Effective troubleshooting steps

Check the traffic log to see that it is released.

The packet details also show that the traffic is passing normally, but there is no pcap packet available for download

In the assets, it also shows that the port is exposed

Root cause

Based on UDP traffic, as long as there is a request to access ports 53, 161, and 162, Endpoint is considered to have opened the relevant ports.

solution

Mechanism issues, no need to deal with, just explain it clearly to the customer

Operation Impact Scope

no effect

Original Link

https://support.sangfor.com.cn/cases/list?product_id=24&type=1&category_id=10057&isOpen=true