Why did I receive an Amazon GuardDuty Denial of Service (DoS) finding type for my Amazon EC2 instance?

Last updated: 2022-11-30

Amazon GuardDuty detected a Denial of Service (DoS) finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.

Short description

The GuardDuty Backdoor:EC2/DenialOfService finding type indicates that an Amazon EC2 instance is sending large amounts of outbound TCP or UDP traffic to another remote host. This might be due to a Denial of Service (DoS) attack. If this behavior isn't expected, then your Amazon EC2 instance might have unauthorized activity.

Note: The Backdoor:EC2/DenialOfService finding type detects EC2 instances performing Denial of Service (DoS) attacks only with public routable IP addresses.

For additional information, see the Backdoor:EC2/DenialOfService.tcp finding types.


Follow the instructions for to identify and stop unauthorized activity for the EC2 instance.

For additional information, see How Amazon GuardDuty uses its data sources.