Why did I receive an Amazon GuardDuty Denial of Service (DoS) finding type for my Amazon EC2 instance?
Last updated: 2020-03-06
Amazon GuardDuty detected a Denial of Service (DoS) finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
The GuardDuty Backdoor:EC2/DenialOfService finding type indicates that an Amazon EC2 instance is sending large amounts of outbound TCP or UDP traffic to another remote host. This might be due to a Denial of Service (DoS) attack. If this behavior isn't expected, your Amazon EC2 instance might be compromised.
Note: The Backdoor:EC2/DenialOfService finding type detects EC2 instances performing Denial of Service (DoS) attacks only with public routable IP addresses.
For additional information, see the Backdoor:EC2/DenialOfService finding types.
Follow the instructions for remediating a compromised EC2 instance.
For additional information, see How Amazon GuardDuty Uses Its Data Sources.