I have been on GCP for roughly 3 months now. In those 3 months I have received 6 notices from GCP saying that one of my compute engines is creating a denial of service attack. They provide the IP address of the CE, and the time the attack triggered the compliance alert (which for this last notice was 2021-11-25 00:10 to 2021-11-25 00:10).
I have taken as many steps as I can possibly take. I have 2 kinds of IDS software installed on the machine (neither has captured any attempts at compromise) and I have a local firewall on the server blocking all inbound and outbound traffic except for traffic specifically required. Additionally, I have taken one last step and used the firewall on GCP to block all inbound and outbound traffic except for traffic specifically required.
I simply do not know where to go from here. It would seem as though these compliance notifications are meant to require me to purchase support so I can discuss this with GCP support staff. Does anyone else have any thoughts before I drop unknown $$$$ at support?
Thank you kindly...