Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Rogue PC accessing port 25

Posted on 2015-01-08
6
Medium Priority
?
160 Views
Last Modified: 2015-01-08
Our service provider notified us of why our bandwidth was being affected.  They said that a rogue PC is trying to access port 25 on our network.  Is there a way to locate which PC is doing this?  Are there any tools that I can download to locate it?
0
Comment
Question by:al4629740
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 7

Expert Comment

by:tolinrome
ID: 40538975
Besides your mail server another pc is trying to send on port 25? Wireshark.
Do you have an IDS\IPS system. Can you look in the firewall logs?
0
 

Author Comment

by:al4629740
ID: 40539041
I don't know the answer to those questions...

Our mail server is outside our LAN.  Can I use Wireshark for free and if so how would I locate the pc?  I used Wireshark a long time ago.
0
 
LVL 7

Expert Comment

by:tolinrome
ID: 40539063
certainly you have a firewall no?

What specifically does the ISP mean by "a rogue PC is trying to access port 25 on our network"?

Did they say the source was internal or external?

Anyway check the firewall logs for clients trying to send on port 25 thats the first thing I would do.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 7

Expert Comment

by:tolinrome
ID: 40539073
Also, antivirus should be able to detect this and send alerts.
0
 

Author Comment

by:al4629740
ID: 40539080
They said the host was external.  

We only have Panda Antivirus on the PCs.  Do I need to just check all the virus programs?
0
 
LVL 7

Accepted Solution

by:
tolinrome earned 2000 total points
ID: 40539170
Block port 25 on your firewall from all IP addresses except your incoming mail server provider ip's
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question