Why did I receive a GuardDuty Denial of Service (DoS) finding type for my Amazon EC2 instance?
1 minute read
0
I want to troubleshoot a Denial of Service (DoS) finding that Amazon GuardDuty detected for my Amazon Elastic Compute Cloud (Amazon EC2) instance.
Short description
The GuardDuty Backdoor:EC2/DenialOfService finding type shows that an Amazon EC2 instance is sending large amounts of outbound TCP or UDP traffic to another remote host. This might be because of a Denial of Service (DoS) attack. If this behavior isn't expected, then your Amazon EC2 instance might have unauthorized activity.
Note: The Backdoor:EC2/DenialOfService finding type only detects EC2 instances that perform Denial of Service (DoS) attacks with public routable IP addresses.