Why did I receive an Amazon GuardDuty Denial of Service (DoS) finding type for my Amazon EC2 instance?
Last updated: 2021-01-08
Amazon GuardDuty detected a Denial of Service (DoS) finding with my Amazon Elastic Compute Cloud (Amazon EC2) instance.
Short description
The GuardDuty Backdoor:EC2/DenialOfService finding type indicates that an Amazon EC2 instance is sending large amounts of outbound TCP or UDP traffic to another remote host. This might be due to a Denial of Service (DoS) attack. If this behavior isn't expected, your Amazon EC2 instance might have unauthorized activity.
Note: The Backdoor:EC2/DenialOfService finding type detects EC2 instances performing Denial of Service (DoS) attacks only with public routable IP addresses.
For additional information, see the Backdoor:EC2/DenialOfService.tcp finding types.
Resolution
Follow the instructions for to identify and stop unauthorized activity for the EC2 instance.
For additional information, see How Amazon GuardDuty uses its data sources.
Related information
Did this article help?
Do you need billing or technical support?