AnsweredAssumed Answered

Web Server Stopped Responding QID:86476 AWS

Question asked by Thomas van der Spuy on Dec 14, 2014

Hi,

 

We have 3 EC2 instances with public IP's. They all have the exact same version of apache with the exact same modules enabled. The only difference is the box that passes is a micro instance whereas the one that fails is a m2.xlarge instance.


We got approval from aws for penetration testing with the following:

Scanned IPs:             

54.194.112.10

54.194.139.201

54.194.27.66

Source IPs:

64.39.96.0/20 (64.39.96.1-64.39.111.254)

62.210.136.128/25     (62.210.136.129-62.210.136.254)

167.216.252.0/26 (167.216.252.1-167.216.252.62)


I have tried everything in this post How is QID 86476 "Web Server stopped Responding" detected?


I double checked iptables on all of them while doing scans and after and that seems ok. I can see from the access logs the scans for the instance in red just stops receiving request after a while, where as with the duplicate box it goes on for much longer and I don't see any errors in my apache logs. I also changed the log format to include time for each request and none are above one second or timeout. We scanned at the lowest setting but to no avail.


Has anyone had similar problems on AWS?


Please assist

Any advice will be appreciated

Devonne



Outcomes