Archive

Please reload

Tags

Please reload

Who is breaking into your EC2 instance? Find out with Flow Logs

September 16, 2017

Ever wondered who is trying to break into your EC2 instance? Or why your micro-service architecture works sometimes, and not others? Or if your Database's security group is correctly configured to block everyone but your webapp?

 

Watch our short video (2:42) to find out, and don't forget about our 30-day free trial:

 

More Information

AWS has a feature called VPC Flow Logs that logs all packets coming and going from your instance. It's powerful and inexpensive. But AWS dumps all of your data into CloudWatch Logs, and leaves it up to you to make sense of the data:

 Are these incomprehensible, or is just me? 

 

Enter PiaSoft's Flow Log Viewer. These are logs from the very same instance:

Our Flow Log viewer organizes data into sortable columns, performs reverse DNS lookups on all IPs, annotates your private IPs for easy identification, and maps ports and protocols to familiar services (like ssh, SMB, mysql, etc).

 

With these two tools, you can do things like:

  1. See all accepted connections to your instance. Is there anything fishy here?

  2. See ports on your instance that are accepting connections. Did you mean to leave that open?

  3. See IPs that are connecting to your instance over and over. Is this an attack? Should you block that IP?

  4. See if a packet that was REJECTed should have been ACCEPTed to debug a security group.

Getting Set Up

See our quick Setup page, or our detailed blog post with step-by-step instructions, starting from the EC2 console.

Please reload

Recent Posts

Please reload

pia@piasoftware.net

(804) 5050PIA

(804) 505-0742

  • Pia Software on LinkedIn
  • Pia Software on Twitter
  • PiaSoftware on Facebook

©2017 BY PIA SOFTWARE.  All rights reserved.