How can I see IP addresses attempting to connect to my Amazon EC2?


Solution 1

AWS has a feature called VPC Flow Log that captures all the traffic coming to a VPC or a particular subnet or a particular network interface. You can set up VPC Flow Log and these logs are then populated to AWS CloudWatch. It gives very descriptive log information, and you can filter your query from that. Check more on AWS VPC Flow Log.
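As an added example (not part of the original answer), this Python sketch reads flow log records in the default space-separated format and counts the source addresses whose TCP port 22 traffic was rejected. The sample records, account ID and interface ID are constructed placeholders, and the function names are illustrative.

```python
from collections import Counter

# Default VPC Flow Logs record layout (version 2), one space-separated record per line.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: documentation IP ranges, placeholder account and ENI ids.
SAMPLE = """\
2 123456789012 eni-0example0000001 203.0.113.10 10.0.0.5 51234 22 6 3 180 1600000000 1600000060 REJECT OK
2 123456789012 eni-0example0000001 203.0.113.10 10.0.0.5 51240 22 6 2 120 1600000060 1600000120 REJECT OK
2 123456789012 eni-0example0000001 198.51.100.7 10.0.0.5 40022 22 6 25 4100 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0example0000001 192.0.2.44 10.0.0.5 33100 22 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0example0000001 192.0.2.44 10.0.0.5 33101 443 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0example0000001 - - - - - - - 1600000120 1600000180 - NODATA
"""

def parse_record(line):
    """Return a dict for a usable record, or None for anything else."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None          # truncated line or a custom log format
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None          # NODATA / SKIPDATA records and header rows
    return rec

def rejected_sources(lines, dst_port=22, protocol=6):
    """Count rejected flow records per source address (protocol 6 = TCP)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        if (rec["action"] == "REJECT"
                and rec["dstport"] == str(dst_port)
                and rec["protocol"] == str(protocol)):
            # One record covers a capture window, so this counts
            # records, not individual connection attempts.
            counts[rec["srcaddr"]] += 1
    return counts

if __name__ == "__main__":
    for ip, n in rejected_sources(SAMPLE.splitlines()).most_common():
        print(f"{ip}\t{n} rejected flow record(s) to tcp/22")
```

Flow log records carry only packet metadata, so the SFTP username never appears in them.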

Solution 2

If you want to see dropped traffic you'll need to do the whitelisting using a firewall running on your EC2 instance, not the AWS infrastructure. (Your server cannot log/see traffic that it doesn't receive.)

You may want to look into something like Fail2Ban.

A word of advice: there are botnets that will try to connect to your IP (especially on EC2) via SSH using weak usernames and passwords. You'll only drive yourself insane trying to track down every failed login attempt or attempt to connect. A single box can get hundreds of these a day; you have been warned.

Author: T. Brian Jones

Updated on September 18, 2022

Comments

  • T. Brian Jones over 1 year

    I have an EC2 instance that is set up as an SFTP server using OpenSSH. It only allows connections on whitelisted IPs via TCP Port 22 (limited via an EC2 Security Group). I constantly have customers try to connect from other IPs that have not been whitelisted. I'd like to track those attempted connections and the IPs they come from so I can help them figure out their IP addresses.

    Is it possible to see these IP addresses from the server? Can I also see the connection attempt and get the SFTP username?

  • T. Brian Jones over 8 years
    haha ... This is actually the answer I was expecting. I just wanted to confirm. I think I'll just leave security extra tight at the moment. Thanks!
  • Jeff over 8 years
    It might be worthwhile pointing out that this is a feature of Virtual Private Cloud and not a standard AWS/EC2 feature.