Reputation: 61
DoS Attacks launched from my java app on aws EC2 instance
I got an email from AWS saying that they limited access to my EC2 instance because a DoS attack was launched from it. I swear it wasn't me.
Basically, all I have in this EC2 instance is Tomcat7 with a java app deployed to it. The java app is a simple web app with REST calls exposed through Jersy, so nothing super fancy since I am only using it to learn web services. The java app also is connected to an RDS mysql instance to expose the database through the REST services.
I am trying to narrow down my search area to find out how this DoS attack happened from my instance. What could have caused it? what are the security measures I need to take to prevent this from happening again?
Upvotes: 2
Views: 378
Answers (1)
Reputation: 16522
Apparently chances are you instance might been compromised and somebody might have logged into your instance and set up the necessary base to initiate and launch and DoS. If you have the code base for the "learning web services stuff" and do not have any critical application running, better you start a new instances from scratch; you have spoken / got the access from AWS.
Few Security Measures recommended
- Change the Key / Access Key - Rotate the password often
- Do not expose 22 / 3389 to 0.0.0.0/0 rather enable it only for your exit IP ( or local Public IP ) in the SG
- Have CloudWatch Alarms set to alert you by emails of Network Out, high CPU etc.
Upvotes: 2
Related Questions
- Automatically block DOS attacks in AWS
- Logs getting flooded with AWS Http calls
- Direct IP Attacks, ElastickBeanstalk/NGINX
- Flooded requests in apache access log from unknown urls
- Your Amazon EC2 Abuse Report
- How to handle bots attack on Amazon EC2
- protection agains DOS websocket with ip address
- Dealing with / preventing potentially malicious requests (AWS, Node.js)
- DoS Attack my localhost tomcat
- Preventing DoS attacks in tomcat 6