We're not all lucky enough to have IT budgets that provide for expensive IDS/IPS/NBA systems. But don't fret, there are some troubleshooting tools out there that can help you, for free, and I'll make a habit of sharing those with you in my blog as I discover them.
One such tool I use all the time is called Nmap. I frequently use Nmap in my Windows environment to gather information on what TCP ports are listening for connections on a given PC or server. I recently remotely scanned my own laptop from a server to check the health of my system. I was perplexed to see that Nmap told me that port 25 was listening on my laptop. I then did a quick telnet to port 25 of my laptop and was greeted with:
220 tc4400.asdf.com Microsoft ESMTP MAIL Service, Version: 6.0.2600.33 11 ready at Sat, 12 Apr 2008 17:19:00 -0400
If I were to see this prompt on my Exchange server, I would be happy, but to see it on my own laptop made me cringe. A couple cups of coffee later, I realized that I had enabled the SMTP Server on my local IIS install, and had the server open for anonymous SMTP relay. That's a filet mignon for worms looking for PCs to zombie and turn into spam bots.
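The same check, extended from one laptop to a whole subnet, as an added example that is not part of the original post: it parses Nmap's grepable output (`-oG`) and reports every host with port 25 open that is not on a list of sanctioned mail servers. The sample scan output, host names, addresses and the `APPROVED_SMTP` list are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable output (-oG); hosts and names are made up.
SAMPLE_OG = """\
# constructed sample, as produced by: nmap -p 25,80,445 -oG - 192.0.2.0/24
Host: 192.0.2.10 (mail.example.test)\tPorts: 25/open/tcp//smtp///, 80/closed/tcp//http///, 445/filtered/tcp//microsoft-ds///
Host: 192.0.2.57 (laptop.example.test)\tPorts: 25/open/tcp//smtp///, 80/open/tcp//http///, 445/open/tcp//microsoft-ds///
Host: 192.0.2.80 (web.example.test)\tPorts: 25/closed/tcp//smtp///, 80/open/tcp//http///, 445/closed/tcp//microsoft-ds///
# Nmap done
"""

# Assumption: your own inventory of machines that are supposed to run SMTP.
APPROVED_SMTP = {"192.0.2.10"}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def open_ports(grepable_text):
    """Return {ip: (hostname, set of open TCP ports)} from -oG output."""
    result = {}
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue  # comment lines, "Status: Up" lines, hosts without port data
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        ports = set()
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc info/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
        result[m.group(1)] = (m.group(2), ports)
    return result


def unexpected_listeners(grepable_text, port, approved):
    """Hosts with `port` open that are not on the approved list."""
    return sorted(
        (ip, name)
        for ip, (name, ports) in open_ports(grepable_text).items()
        if port in ports and ip not in approved
    )


if __name__ == "__main__":
    for ip, name in unexpected_listeners(SAMPLE_OG, 25, APPROVED_SMTP):
        print(f"unexpected SMTP listener: {ip} ({name})")
```

Any host this reports deserves the same follow-up as the laptop above: find out which service owns port 25 and disable it or restrict relay if it is not meant to be a mail server.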