ec2 instance is communicating with a remote host on an unusual server port

0

Hi, AWS Guardduty is reporting: "ec2 instance is communicating with a remote host on an unusual server port 43582" from and EC2 instance that does not exist. We have autoscaling group that terminates and recreates instances. What could be the real issue?

Many thanks in advance

已提问 1 年前991 查看次数
2 回答
0

The GuardDuty finding contains the Instance-Id. Use this to search AWS Config to gain information about the instance. You can also find API calls involving this instance in CloudTrail.

profile pictureAWS
专家
kentrad
已回答 1 年前
0

The Finding shared resembles to Finding type "Behavior:EC2/NetworkPortUnusual", which informs that a listed EC2 instance in your AWS environment is behaving in a way that deviates from the established baseline. This EC2 instance has no prior history of communications on this remote port.

As in your case, this finding is reported for an EC2 instance that was spin up by auto-scaling, hence I would recommend you to kindly investigate internally and check for what purpose "43582" port is used by those EC2 instances. When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.

profile pictureAWS
支持工程师
Varun
已回答 1 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则