Reputation: 35
I launched an EC2 instance a few days ago; it's launched from an ECS service. It's only being used by me and a couple of others for testing purposes. It hosts an API that an iOS app connects to. Almost immediately I started seeing, and continue to see, vulnerability scans against it in the logs, similar to the below.
2020-07-14T08:27:37.031+01:00 [ INFO ] ERROR From: XXX.XXX.XXX.XXX:XXXXX, Description: GET / HTTP/1.1
Host: X.X.XXX.XX
User-Agent: Mozilla/5.0 zgrab/0.x
Accept: */*
Accept-Encoding: gzip
The scans are against the IP rather than the DNS, and a series of scans is run every few hours. This is the first time I've run an EC2 for any period of time; I've always used Heroku before now, which either hid these things from me or never encountered them. Is this just them scanning entire IP address ranges and finding my service, or do I have a leak somewhere that's alerting them to the launch of the service?
Thanks in advance.
Upvotes: 0
Views: 3630
Reputation: 3659
The Internet is being scanned by crawlers and scanners all the time. Hard to tell whether the purpose is malicious or not. The one scanning you is the zgrab tool, which you can find here: https://zmap.io/.
Upvotes: 2
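An added example, not from either poster: one way to triage log entries shaped like the excerpt in the question, separating requests that carry a scanner User-Agent or address the bare IP in the Host header from requests that used the service's DNS name. The sample log, the addresses, the names `api.example.test` and `MyiOSApp`, and the `SCANNER_UA` token list are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample shaped like the question's log; addresses and names are made up.
SAMPLE_LOG = """\
2020-07-14T08:27:37.031+01:00 [ INFO ] ERROR From: 198.51.100.7:41234, Description: GET / HTTP/1.1
Host: 203.0.113.10
User-Agent: Mozilla/5.0 zgrab/0.x
2020-07-14T08:31:02.518+01:00 [ INFO ] ERROR From: 192.0.2.44:50211, Description: GET /v1/items HTTP/1.1
Host: api.example.test
User-Agent: MyiOSApp/1.0
2020-07-14T11:02:10.004+01:00 [ INFO ] ERROR From: 198.51.100.7:41877, Description: GET / HTTP/1.1
Host: 203.0.113.10:80
"""

RECORD = re.compile(r"^(?P<ts>\S+) .*?From: (?P<src>[^,]+):\d+, Description: (?P<req>.+)$")
SCANNER_UA = ("zgrab",)  # assumption: extend with tokens seen in your own logs

def parse_records(text):  # one dict per request line, with the headers that follow it
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({**m.groupdict(), "headers": {}})
        elif records and ": " in line:
            name, value = line.split(": ", 1)
            records[-1]["headers"][name.lower()] = value
    return records

def host_is_ip_literal(host):
    """True when Host is a bare address, i.e. the client never resolved a name."""
    if host.startswith("["):            # [v6]:port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # v4:port or name:port
        host = host.split(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(rec):
    h = rec["headers"]
    if any(tok in h.get("user-agent", "").lower() for tok in SCANNER_UA):
        return "scanner-ua"
    return "ip-host" if host_is_ip_literal(h.get("host", "")) else "named-host"

def summarize(text):  # request count per (source address, classification)
    return Counter((r["src"], classify(r)) for r in parse_records(text))
```

Requests classified `ip-host` or `scanner-ua` never went through the DNS name, which matches address-range scanning rather than a leak of the hostname.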