I am really a newbie when it comes to security,
I have an instance hosted on Amazon, it only have LDAP Server installed, Apache server hosting phpLDAPadmin, and one more instance (Client) that connect to this instance to authenticate using LDAP.
I was conducting a load test on the Client, after a while got following email from amazon regarding the LDAP server
It has come to our attention that Denial of Service (DoS) attacks were launched from your instance to IP(s) xxx.xxx.xxx.xxx via TCP port(s) 53. Please investigate your instance(s) and reply detailing the corrective measures you will be taking to address this activity
I am trying to know what happened exactly, to be able to resolve this problem. I have checked the auth.log and founf alot of break-in attempts but none of them where successful, the only accepted
Thanks In advance,