Rogue PC accessing port 25

Our service provider notified us of why our bandwidth was being affected.  They said that a rogue PC is trying to access port 25 on our network.  Is there a way to locate which PC is doing this?  Are there any tools that I can download to locate it?
al4629740Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
tolinromeConnect With a Mentor Commented:
Block port 25 on your firewall from all IP addresses except your incoming mail server provider ip's
0
 
tolinromeCommented:
Besides your mail server another pc is trying to send on port 25? Wireshark.
Do you have an IDS\IPS system. Can you look in the firewall logs?
0
 
al4629740Author Commented:
I don't know the answer to those questions...

Our mail server is outside our LAN.  Can I use Wireshark for free and if so how would I locate the pc?  I used Wireshark a long time ago.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
tolinromeCommented:
certainly you have a firewall no?

What specifically does the ISP mean by "a rogue PC is trying to access port 25 on our network"?

Did they say the source was internal or external?

Anyway check the firewall logs for clients trying to send on port 25 thats the first thing I would do.
0
 
tolinromeCommented:
Also, antivirus should be able to detect this and send alerts.
0
 
al4629740Author Commented:
They said the host was external.  

We only have Panda Antivirus on the PCs.  Do I need to just check all the virus programs?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.