I have a couple of AWS EC2 instances running with the following security group rule:
0-65535 tcp 0.0.0.0/0
I have installed tomcat7 on those instances and deployed one war file in the tomcat7 web container. After a few days I am getting abuse reports for the EC2 instance from Amazon. This has happened twice in a month.
Dear Amazon EC2 Customer,
We've received a report that your instance(s):
Instance Id: i-XXXXXXXX
has been making Denial of Service attacks against remote hosts on the Internet; check the information provided below by the abuse reporter.
This is specifically forbidden in our User Agreement: http://ift.tt/Rm0Ott
Please immediately restrict the flow of traffic from your instance(s) to cease disruption to other networks and reply to this email to send your reply of action to the original abuse reporter. This will activate a flag in our ticketing system, letting us know that you have acknowledged receipt of this email.
It's possible that your environment has been compromised by an external attacker. It remains your responsibility to ensure that your instances and all applications are secured. The link http://ift.tt/Y1rOpf provides some suggestions for securing your instances.
Case number: 10594124920-1
Additional abuse report information provided by original abuse reporter:
* Destination IPs:
* Destination Ports:
* Destination URLs:
* Abuse Time: Tue Mar 24 16:43:00 UTC 2015
* Log Extract:
<<<
It has come to our attention that Denial of Service (DoS) attacks were launched from your instance to IP(s) 141.101.117.122 via UDP port(s) 80. Please investigate your instance(s) and reply detailing the corrective measures you will be taking to address this activity.
In the meantime, we have blocked outbound UDP 80 on the instance(s) to prevent further abuse.
If you believe that you were compromised by an external attacker, the best recourse is to back up your data, migrate your applications to a new instance, and terminate the old one. Attempting to repair a compromised instance does not guarantee a successful cleanup in most cases. We recommend reviewing the following resources to ensure your EC2 environment is properly secured.
Does anybody know what's wrong over here?
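Two checks a practitioner would run against exactly this situation, as an added example that is not part of the original post: an audit of the posted ingress rule (tcp 0-65535 from 0.0.0.0/0) against a small allow-list of service ports, and a hunt through VPC Flow Log records for the outbound UDP flood the abuse report describes (UDP/80 towards 141.101.117.122). The flow log lines are constructed; the instance's private address 10.0.1.25, the interface id, the account id, the timestamps, the admin CIDR 203.0.113.0/24 and the 1000 packets-per-second threshold are all assumptions, not data from the page.

```python
"""Added example (not from the original post): audit a security group ingress
rule set and detect an outbound UDP flood in VPC Flow Log records."""
from collections import defaultdict
from ipaddress import ip_network

# Constructed VPC Flow Log records in the default v2 format:
# version account eni src dst srcport dstport proto packets bytes start end action status
# The instance private IP 10.0.1.25, eni id, account id and timestamps are assumptions;
# the destination 141.101.117.122 on UDP/80 (proto 17) comes from the abuse report.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 141.101.117.122 34567 80 17 98000 147000000 1427215380 1427215440 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 141.101.117.122 34568 80 17 97500 146250000 1427215380 1427215440 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 51234 8080 6 12 3400 1427215380 1427215440 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 198.51.100.9 8080 51234 6 10 5200 1427215380 1427215440 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.0.2 41000 53 17 1 80 1427215380 1427215440 ACCEPT OK
"""

FIELDS = ["version", "account", "eni", "src", "dst", "srcport", "dstport",
          "proto", "packets", "bytes", "start", "end", "action", "status"]
INT_FIELDS = ("srcport", "dstport", "proto", "packets", "bytes", "start", "end")

# The rule posted in the question, and a hardened replacement (assumed: the app
# is served on 443 to the world; SSH only from an assumed admin CIDR).
POSTED_RULES = [("tcp", 0, 65535, "0.0.0.0/0")]
HARDENED_RULES = [("tcp", 443, 443, "0.0.0.0/0"),
                  ("tcp", 22, 22, "203.0.113.0/24")]
# Service ports that may legitimately be exposed to the whole Internet.
WORLD_ALLOWED = (("tcp", 80, 80), ("tcp", 443, 443))


def parse_flow_log(text):
    """Parse v2 flow log lines into dicts; '-' (NODATA/SKIPDATA) becomes 0."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line; ignore
        rec = dict(zip(FIELDS, parts))
        for key in INT_FIELDS:
            rec[key] = int(rec[key]) if rec[key] != "-" else 0
        records.append(rec)
    return records


def find_udp_floods(records, instance_ip, min_pps=1000):
    """Outbound UDP flows from instance_ip whose packet rate exceeds min_pps.

    Packets are summed per (dst, dstport) and divided by the span of the
    aggregation windows, so many parallel flows to one target add up.
    """
    totals = defaultdict(lambda: {"packets": 0, "start": None, "end": 0})
    for r in records:
        if r["src"] != instance_ip or r["proto"] != 17 or r["action"] != "ACCEPT":
            continue
        t = totals[(r["dst"], r["dstport"])]
        t["packets"] += r["packets"]
        t["start"] = r["start"] if t["start"] is None else min(t["start"], r["start"])
        t["end"] = max(t["end"], r["end"])
    floods = []
    for (dst, port), t in totals.items():
        seconds = max(1, t["end"] - t["start"])
        pps = t["packets"] / seconds
        if pps >= min_pps:
            floods.append({"dst": dst, "dstport": port,
                           "packets": t["packets"], "pps": round(pps, 1)})
    return sorted(floods, key=lambda f: f["pps"], reverse=True)


def audit_ingress_rules(rules, allowed=WORLD_ALLOWED):
    """Flag rules reachable from any address (0.0.0.0/0 or ::/0) whose port
    range is not fully inside one of the allowed (proto, lo, hi) entries."""
    findings = []
    for proto, lo, hi, cidr in rules:
        if ip_network(cidr).prefixlen != 0:
            continue  # scoped to a CIDR; not world-reachable
        inside_allowed = any(proto == p and lo >= alo and hi <= ahi
                             for p, alo, ahi in allowed)
        if not inside_allowed:
            findings.append(f"{proto} {lo}-{hi} from {cidr}: open to the world "
                            f"beyond the allowed service ports")
    return findings


if __name__ == "__main__":
    for f in audit_ingress_rules(POSTED_RULES):
        print("ingress finding:", f)
    for flood in find_udp_floods(parse_flow_log(SAMPLE_FLOW_LOGS), "10.0.1.25"):
        print("outbound UDP flood:", flood)
```

Flow logs only show the flood after the fact; on the live box the same signal is the UDP socket count and send rate (`ss -u -a`, `tcpdump -ni eth0 udp and dst port 80`). Whatever the audit finds, the report's own advice still applies: treat the instance as compromised, rebuild rather than clean, and deploy the rebuilt one behind a rule set that passes the audit.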