Why did I receive an Amazon GuardDuty Denial of Service (DoS) finding type for my Amazon EC2 instance?
Last updated: 2022-11-30
Amazon GuardDuty detected a Denial of Service (DoS) finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
The GuardDuty Backdoor:EC2/DenialOfService finding type indicates that an Amazon EC2 instance is sending large amounts of outbound TCP or UDP traffic to another remote host. This might be due to a Denial of Service (DoS) attack. If this behavior isn't expected, then your Amazon EC2 instance might have unauthorized activity.
Note: The Backdoor:EC2/DenialOfService finding type detects EC2 instances performing Denial of Service (DoS) attacks only with publicly routable IP addresses.
For additional information, see the Backdoor:EC2/DenialOfService.tcp finding types.
Follow the instructions to identify and stop unauthorized activity for the EC2 instance.
For additional information, see How Amazon GuardDuty uses its data sources.
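To decide which instances to investigate first, the following added example (not part of the original article or AWS code) groups Backdoor:EC2/DenialOfService findings by instance and lists the remote hosts that received the outbound traffic. It assumes findings exported as JSON in the shape returned by the GuardDuty GetFindings API; the sample findings, instance IDs, and addresses are constructed placeholders.

```python
import json
from collections import defaultdict

DOS_PREFIX = "backdoor:ec2/denialofservice"

# Constructed findings in the shape of a GuardDuty GetFindings response.
# Instance IDs are placeholders; addresses come from documentation ranges.
SAMPLE = json.loads("""[
 {"Type": "Backdoor:EC2/DenialOfService.Tcp", "Severity": 8,
  "Resource": {"InstanceDetails": {"InstanceId": "i-0aaaaaaaaaaaaaaa1"}},
  "Service": {"Count": 3, "Action": {"NetworkConnectionAction": {
    "ConnectionDirection": "OUTBOUND", "Protocol": "TCP",
    "RemoteIpDetails": {"IpAddressV4": "198.51.100.7"},
    "RemotePortDetails": {"Port": 80}}}}},
 {"Type": "Backdoor:EC2/DenialOfService.Udp", "Severity": 8,
  "Resource": {"InstanceDetails": {"InstanceId": "i-0aaaaaaaaaaaaaaa1"}},
  "Service": {"Count": 1, "Action": {"NetworkConnectionAction": {
    "ConnectionDirection": "OUTBOUND", "Protocol": "UDP",
    "RemoteIpDetails": {"IpAddressV4": "203.0.113.20"},
    "RemotePortDetails": {"Port": 53}}}}},
 {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2,
  "Resource": {"InstanceDetails": {"InstanceId": "i-0bbbbbbbbbbbbbbb2"}},
  "Service": {"Count": 9, "Action": {}}}
]""")

def summarize_dos_findings(findings):
    """Group DenialOfService findings by instance with the remote targets seen."""
    report = defaultdict(lambda: {"types": set(), "targets": set(),
                                  "events": 0, "max_severity": 0})
    for f in findings:
        if not f.get("Type", "").lower().startswith(DOS_PREFIX):
            continue  # other finding types need a different runbook
        instance = (f.get("Resource", {}).get("InstanceDetails", {})
                     .get("InstanceId", "unknown"))
        service = f.get("Service", {})
        conn = service.get("Action", {}).get("NetworkConnectionAction", {})
        entry = report[instance]
        entry["types"].add(f["Type"])
        entry["events"] += service.get("Count", 1)
        entry["max_severity"] = max(entry["max_severity"], f.get("Severity", 0))
        ip = conn.get("RemoteIpDetails", {}).get("IpAddressV4")
        if ip:  # a finding may lack connection details; it is still counted
            entry["targets"].add((conn.get("Protocol", "?"), ip,
                                  conn.get("RemotePortDetails", {}).get("Port")))
    return dict(report)

if __name__ == "__main__":
    for instance, e in summarize_dos_findings(SAMPLE).items():
        print(instance, e["max_severity"], e["events"], sorted(e["targets"]))
```

Compare the listed targets, protocols, and ports with what the workload on each instance is expected to send; traffic that matches no known application behavior is the unauthorized activity to stop.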