Why did I receive an Amazon GuardDuty Denial of Service (DoS) finding type for my Amazon EC2 instance?

Last updated: 2020-03-06

Amazon GuardDuty detected a Denial of Service (DoS) finding for my Amazon Elastic Compute Cloud (Amazon EC2) instance.

Short Description

The GuardDuty Backdoor:EC2/DenialOfService finding type indicates that an Amazon EC2 instance is sending large amounts of outbound TCP or UDP traffic to another remote host. This might be due to a Denial of Service (DoS) attack. If this behavior isn't expected, your Amazon EC2 instance might be compromised.

Note: The Backdoor:EC2/DenialOfService finding type detects Denial of Service (DoS) attacks from EC2 instances only when the target is a publicly routable IP address.

For additional information, see the Backdoor:EC2/DenialOfService finding types.
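To decide which instance to remediate first, it helps to group these findings by source instance and list the remote targets each one was sending traffic to. The following is an added example, not code from AWS or from this article. It assumes the findings have already been exported in the shape of the `Findings` array returned by the GuardDuty GetFindings API; the sample data, instance IDs, and the function name `triage_dos_findings` are constructed for illustration.

```python
from collections import defaultdict

DOS_PREFIX = "Backdoor:EC2/DenialOfService."

# Constructed sample shaped like the "Findings" array of a GuardDuty
# GetFindings response. Instance IDs and addresses are placeholders.
SAMPLE_FINDINGS = [
    {"Type": "Backdoor:EC2/DenialOfService.Udp", "Severity": 8.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0example000000001"}},
     "Service": {"Count": 4, "Action": {"NetworkConnectionAction": {
         "ConnectionDirection": "OUTBOUND", "Protocol": "UDP",
         "RemoteIpDetails": {"IpAddressV4": "198.51.100.7"},
         "RemotePortDetails": {"Port": 80}}}}},
    {"Type": "Backdoor:EC2/DenialOfService.Tcp", "Severity": 8.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0example000000001"}},
     "Service": {"Count": 2, "Action": {"NetworkConnectionAction": {
         "ConnectionDirection": "OUTBOUND", "Protocol": "TCP",
         "RemoteIpDetails": {"IpAddressV4": "203.0.113.9"},
         "RemotePortDetails": {"Port": 443}}}}},
    {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Resource": {"InstanceDetails": {"InstanceId": "i-0example000000002"}},
     "Service": {"Count": 9, "Action": {}}},
]


def triage_dos_findings(findings):
    """Group DenialOfService findings by source instance, busiest first."""
    by_instance = defaultdict(lambda: {"events": 0, "max_severity": 0.0, "targets": set()})
    for f in findings:
        if not f.get("Type", "").startswith(DOS_PREFIX):
            continue  # other finding types need a different playbook
        instance_id = (f.get("Resource", {}).get("InstanceDetails", {})
                       .get("InstanceId", "unknown"))
        conn = f.get("Service", {}).get("Action", {}).get("NetworkConnectionAction", {})
        entry = by_instance[instance_id]
        entry["events"] += f.get("Service", {}).get("Count", 1)
        entry["max_severity"] = max(entry["max_severity"], f.get("Severity", 0.0))
        entry["targets"].add((conn.get("Protocol", "?"),
                              conn.get("RemoteIpDetails", {}).get("IpAddressV4", "?"),
                              conn.get("RemotePortDetails", {}).get("Port", 0)))
    return sorted(({"instance_id": i, **e, "targets": sorted(e["targets"])}
                   for i, e in by_instance.items()),
                  key=lambda r: r["events"], reverse=True)


if __name__ == "__main__":
    for row in triage_dos_findings(SAMPLE_FINDINGS):
        print(row)
```

Each returned row names one instance, the total event count across its DoS findings, and the protocol, remote address, and port of every target, which is the information needed to confirm whether the outbound traffic was expected.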

Resolution

Follow the instructions for remediating a compromised EC2 instance.

For additional information, see How Amazon GuardDuty Uses Its Data Sources.