We have 3 EC2 instances with public IP's. They all have the exact same version of apache with the exact same modules enabled. The only difference is the box that passes is a micro instance whereas the one that fails is a m2.xlarge instance.
We got approval from aws for penetration testing with the following:
I have tried everything in this post How is QID 86476 "Web Server stopped Responding" detected?
I double checked iptables on all of them while doing scans and after and that seems ok. I can see from the access logs the scans for the instance in red just stops receiving request after a while, where as with the duplicate box it goes on for much longer and I don't see any errors in my apache logs. I also changed the log format to include time for each request and none are above one second or timeout. We scanned at the lowest setting but to no avail.
Has anyone had similar problems on AWS?
Any advice will be appreciated