Passer au contenu
En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post
À propos de re:Post

AWS Trust & Safety Shutting down all network traffic to my VM instance reporting SSH security abuse on Port 2222

0

AWS Trust & Safety reported that I have unauthorized SSH attempt on port 2222. My EC2 VM instance is configured with SSH port 22 as out of the box. So AWS Trust & security team blocked network traffic to this instance.

#1 SSH Server is on this VM instance is listening on port 22 and NOT 2222 as reported. #2 SSH connection is only allow to connect via port 22 via AWS security group policy " Y-wizard-Y"

In the AWS Trust & Security report does not include the offending client SSH IP address, user name or mode of authentication and I have no way to connect to this instance to do anything.

Sujets
Gestion et gouvernanceAWS MarketplaceRéseaux et diffusion de contenuSécurité, identité et conformité
Balises
Amazon CloudWatchSécurité du cloud AWSRéponse aux incidents de sécurité AWSAmazon GuardDutyRéseaux et diffusion de contenu
Langue
English
demandé il y a 2 mois34 vues
1 réponse
-1

Based on the information provided, it appears there's a misunderstanding regarding the SSH port configuration on your EC2 instance. Let me address your concerns:

If AWS Trust & Safety has reported unauthorized SSH attempts on port 2222 while your instance is only configured to use port 22, this could indicate:

  1. Someone might be attempting to probe your instance for vulnerabilities by trying non-standard SSH ports like 2222.
  2. There might be a misconfiguration or misunderstanding in the abuse report.

When AWS Trust & Safety detects potential security issues, they may take protective measures like restricting network traffic to prevent further abuse or compromise.

To resolve this situation:

  1. Contact AWS Support directly to clarify the situation. Explain that your instance is only configured for SSH on port 22 via the security group "Y-wizard-Y" and not on port 2222 as reported.

  2. Request details about the specific abuse that was detected, including timestamps and any available information about the nature of the traffic.

  3. Ask for guidance on how to properly secure your instance and have the network restrictions lifted.

  4. Once you regain access, consider implementing additional security measures:

  • Restrict SSH access to specific IP addresses rather than allowing access from anywhere (0.0.0.0/0)
  • Consider using EC2 Instance Connect or AWS Systems Manager Session Manager instead of direct SSH
  • Implement stronger authentication methods

AWS Trust & Safety takes security seriously, and they typically restrict access when they detect potential security threats. Working with AWS Support is the best way to resolve this misunderstanding and restore access to your instance.
Sources
About instance ssh connect issue . | AWS re:Post
Port 22 (SSH) is not authorized | AWS re:Post
AWS Trust & Safety Center | AWS re:Post
Unable to connect to port despite changing setting in security group and firewall | AWS re:Post

répondu il y a 2 mois
  • bugbear007
    il y a 2 mois

    I have done step #1 & #2. I am just getting a canned response emails

Contenus pertinents