
Unusual traffic Issue in AWS


I've observed some unusual traffic from an IP address from Nov 9 through Dec 10 in our application logs. We're not seeing the IP address associated with any of our instances currently. This IP was making requests that increased usage data for a client of ours. We'd like to be able to state correctly that it was a bot, and not some testing tool malfunctioning on our side. Doing a quick review of CloudTrail events within a few days of those dates, I'm not seeing any events for resource creations, updates, or deletions that contain that IP. Are there any suggestions for investigating it in detail, or can anyone suggest some tools to investigate it further?

Tim
Is the IP in your CIDR range, or is it from the internet? Have you looked at VPC flow logs? You can easily block a single IP with NACLs.
You can also use tools like WAF, GuardDuty, Shield to secure your account.

You can run whois <ip address> to get details for the owner of the IP address. If you do not have any services with that operator, then it is some third party.
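
As an added example (not part of the posts above), the checks suggested in the comments and in this answer can be run offline in Python over exported VPC flow log records in the default version 2 format: whether the address is inside your CIDR range or from the internet, and what it did. The sample records, account id, ENI id and the 10.0.0.0/16 VPC CIDR are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip, vpc_cidrs):
    """Is the address inside one of our VPC CIDRs, otherwise private, or from the internet?"""
    addr = ipaddress.ip_address(ip)
    for cidr in vpc_cidrs:
        if addr in ipaddress.ip_network(cidr):
            return "inside VPC CIDR " + cidr
    if any(addr in net for net in RFC1918):
        return "private, outside our VPCs"
    return "internet"

def summarize(lines, suspect):
    """Aggregate flow records in which the suspect IP is the source or destination."""
    out = {"records": 0, "bytes": 0, "actions": Counter(), "enis": Counter(),
           "dst_ports": Counter(), "first": None, "last": None}
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # custom log format or truncated line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK" or suspect not in (rec["srcaddr"], rec["dstaddr"]):
            continue  # NODATA / SKIPDATA records carry "-" in the data fields
        out["records"] += 1
        out["bytes"] += int(rec["bytes"])
        out["actions"][rec["action"]] += 1   # ACCEPT vs REJECT by security group / NACL
        out["enis"][rec["interface_id"]] += 1  # which network interface saw the traffic
        if rec["srcaddr"] == suspect:
            out["dst_ports"][int(rec["dstport"])] += 1
        start, end = int(rec["start"]), int(rec["end"])
        out["first"] = start if out["first"] is None else min(out["first"], start)
        out["last"] = end if out["last"] is None else max(out["last"], end)
    return out

# Constructed sample records (documentation IP ranges, made-up account and ENI ids).
SAMPLE = """2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.7 10.0.1.25 49152 443 6 20 4200 1699500000 1699500060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 203.0.113.7 443 49152 6 18 9100 1699500000 1699500060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.7 10.0.1.25 49153 22 6 1 40 1699500100 1699500160 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.9 10.0.1.25 50000 443 6 5 600 1699500100 1699500160 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1699500200 1699500260 - NODATA""".splitlines()

if __name__ == "__main__":
    print(classify("203.0.113.7", ["10.0.0.0/16"]))
    print(summarize(SAMPLE, "203.0.113.7"))
```

The interface ids in the summary show which of your network interfaces received the traffic, and the first and last timestamps (Unix seconds) can be compared against the window seen in the application logs.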
