AWS Security ChangesHomeSearch

AWS dcv documentation change

Service: dcv · 2026-04-19 · Documentation low

File: dcv/latest/gw-admin/verify-connectivity.md

Summary

Added a note warning that the nc -uvz command may not detect silent UDP packet drops by security groups or firewalls, and a successful result doesn't guarantee UDP connectivity to DCV Connection Gateway.

Security assessment

This change adds important security-related documentation about the limitations of connectivity testing tools. It warns users about potential false positives when verifying UDP connectivity, which is a security consideration for network configuration. However, it doesn't address a specific security vulnerability in the product itself, but rather educates about general network security testing limitations.

Diff

diff --git a/dcv/latest/gw-admin/verify-connectivity.md b/dcv/latest/gw-admin/verify-connectivity.md
index 4e59dbf6f..92bde2305 100644
--- a//dcv/latest/gw-admin/verify-connectivity.md
+++ b//dcv/latest/gw-admin/verify-connectivity.md
@@ -24,0 +25,4 @@ Use the following command:
+###### Note
+
+**Note:** The `nc -uvz` command can only confirm UDP connectivity failure when an explicit ICMP error (e.g., "Connection refused") is returned. If packets are silently dropped (e.g., by security groups or firewalls), the command may still report success. A successful result from this command does not guarantee that UDP traffic can reach the DCV Connection Gateway.
+