Why did I receive the GuardDuty finding type alert Recon:EC2/PortProbeUnprotectedPort for my Amazon EC2 instance?

2 minute read

Amazon GuardDuty detected alerts for the Recon:EC2/PortProbeUnprotectedPort finding type for my Amazon Elastic Compute Cloud (Amazon EC2) instance.

Short description

The GuardDuty finding type Recon:EC2/PortProbeUnprotectedPort means that an Amazon EC2 instance has an unprotected port that is being probed by a known malicious host.


Use the following best practices to protect the unprotected port or remove inbound rules:

Related information

Monitoring GuardDuty findings with Amazon CloudWatch Events

Finding types

AWS OFFICIALUpdated 2 years ago