The infrastructure is that of a rural county whose public works offices, such as the police department, library, and fire department, are all interconnected.
If an external malicious IP is trying to establish a connection to an internal host, the firewall is responsible for stopping the connection.
One of the members of the NSOC was doing some threat hunting and found a known, reported malicious external IP connecting to an internal host. The IP was connecting to the internal host via SMTP using an executable file.
The customer was notified, and they added a firewall rule to prevent this from occurring again.
Just because traffic uses a port assigned to a well-known protocol doesn’t mean that it can’t be exploited and cause a breach in a network.
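The kind of hunt described above can be sketched as follows. This is an added example, not the NSOC's tooling: it matches firewall connection records against a threat-intelligence list and also checks the reverse direction (an internal host calling out to a listed IP). The log format, the addresses (documentation ranges) and the function names are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation-range IPs), not values from the case.
THREAT_INTEL = {"203.0.113.45", "198.51.100.7"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log, assumed format: timestamp src dst dport action
SAMPLE_LOG = """\
2024-01-10T02:14:07Z 203.0.113.45 10.20.1.15 25 ALLOW
2024-01-10T02:14:09Z 192.0.2.10 10.20.1.15 25 ALLOW
2024-01-10T02:15:30Z 198.51.100.7 10.20.3.8 445 DENY
2024-01-10T02:16:02Z 10.20.1.15 203.0.113.45 443 ALLOW
malformed line
"""

def is_internal(addr):
    """True if addr falls inside one of the private (internal) ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def hunt(log_text, intel=THREAT_INTEL):
    """Return records where a listed external IP and an internal host talk."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport, action = parts
        try:
            port = int(dport)
            src_int, dst_int = is_internal(src), is_internal(dst)
        except ValueError:
            continue  # unparsable port or address
        if src in intel and dst_int:
            direction = "inbound"
        elif dst in intel and src_int:
            direction = "outbound"  # internal host contacting a listed IP
        else:
            continue
        hits.append({"time": ts, "src": src, "dst": dst, "port": port,
                     "action": action, "direction": direction})
    return hits

def allowed_hits(hits):
    """Hits the firewall let through: candidates for a block rule and triage."""
    return [h for h in hits if h["action"] == "ALLOW"]

if __name__ == "__main__":
    for h in allowed_hits(hunt(SAMPLE_LOG)):
        print(h)
```

Note that the match is on the remote address, not the port: the SMTP connection on port 25 is flagged even though the firewall allowed it as ordinary mail traffic.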