
Incoming DDoS Attack, It Looks Like An ICMP Attack, So What Do I Block?


http://serverfault.com – I have recently been getting hit by an attack that is very small, around 70MBPS, but causes TONS of upload... All signs point to ICMP. I realized that in my firewall (I have CSF firewall running on CentOS) I had no limit on my outgoing ICMP rate... Whoops. :P Anything else I should block? We are primarily game servers, so obviously blocking all incoming ICMP traffic is a no-no. Or is it? That's why I'm here :D Thanks for any tips, Jeremy

Also, quick edit: we are on a 100MBPS port and the current firewall is able to block generic DDoS attacks in excess of 600MB without breaking a sweat.