Solved

Rogue PC accessing port 25

Posted on 2015-01-08
6
155 Views
Last Modified: 2015-01-08
Our service provider notified us of why our bandwidth was being affected.  They said that a rogue PC is trying to access port 25 on our network.  Is there a way to locate which PC is doing this?  Are there any tools that I can download to locate it?
0
Comment
Question by:al4629740
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 7

Expert Comment

by:tolinrome
ID: 40538975
Besides your mail server another pc is trying to send on port 25? Wireshark.
Do you have an IDS\IPS system. Can you look in the firewall logs?
0
 

Author Comment

by:al4629740
ID: 40539041
I don't know the answer to those questions...

Our mail server is outside our LAN.  Can I use Wireshark for free and if so how would I locate the pc?  I used Wireshark a long time ago.
0
 
LVL 7

Expert Comment

by:tolinrome
ID: 40539063
certainly you have a firewall no?

What specifically does the ISP mean by "a rogue PC is trying to access port 25 on our network"?

Did they say the source was internal or external?

Anyway check the firewall logs for clients trying to send on port 25 thats the first thing I would do.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 7

Expert Comment

by:tolinrome
ID: 40539073
Also, antivirus should be able to detect this and send alerts.
0
 

Author Comment

by:al4629740
ID: 40539080
They said the host was external.  

We only have Panda Antivirus on the PCs.  Do I need to just check all the virus programs?
0
 
LVL 7

Accepted Solution

by:
tolinrome earned 500 total points
ID: 40539170
Block port 25 on your firewall from all IP addresses except your incoming mail server provider ip's
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
what is mstp 6 68
Adnexus.net keeps getting hit from OpenDNS 12 64
Changing the default VLAN on a Cisco switch? 9 72
pfsense upgrade from 2.2.6 to 2.3.3 28 35
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question