Have a CentOS-5.x box that appears to be going down as a result of PINGs. If the server gets PINGs it stops replying to ssh/http connections. Appears iptables is one approach, but I want to make sure I'm doing everything I should do.
Doing everything is complicated and depends on the magnitude of the denial of service. It may involve contacting your ISP, their upstream provider and maybe other providers too. But for the case of a single server, the cooperation of those who manage your default gateway is needed. iptables will not stop traffic from coming to the server. It simply sets the policy of how to deal with traffic that reaches it. If you need to stop ICMP traffic from reaching the server, you must first contact the administrators of your default gateway.
You should try to stop the incoming ICMP traffic through the firewall.
This will drop the packets at a low level, preventing the OS from allocating and processing the requests (and also associated logging, if any). It will also prevent malformed packets from going up for analysis.
Besides ICMP, there are other packets you may want to block. See this page.
This page explains specifically how to block ICMP packets.
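
One way to act on the firewall advice above without dropping every ICMP type (an added example, not from the original answers; the chain name `ICMP_IN` and the default rate of 5/second with a burst of 10 are assumptions). The function only prints iptables commands: they rate-limit echo-request, keep the ICMP errors that path MTU discovery and traceroute rely on, and drop the rest, and they act only on packets that have already reached the host.

```shell
#!/bin/sh
# Added example: print (do not execute) iptables commands for ICMP handling.
# ICMP_IN and the default rate/burst are assumptions, not values from the page.

gen_icmp_rules() {
    rate=${1:-5}     # echo-requests accepted per second
    burst=${2:-10}   # packets allowed in a burst before the limit applies

    # Accept only positive integers so nothing else can end up in a rule.
    for n in "$rate" "$burst"; do
        case "$n" in
            ''|*[!0-9]*|0)
                echo "rate and burst must be positive integers" >&2
                return 1 ;;
        esac
    done

    cat <<EOF
# Dedicated chain so the ICMP policy can be flushed without touching INPUT.
iptables -N ICMP_IN
# Keep error messages: type 3 carries "fragmentation needed" (path MTU discovery).
iptables -A ICMP_IN -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A ICMP_IN -p icmp --icmp-type time-exceeded -j ACCEPT
# Replies to pings sent from this server.
iptables -A ICMP_IN -p icmp --icmp-type echo-reply -j ACCEPT
# Answer a bounded number of pings; the excess falls through to DROP.
iptables -A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit ${rate}/second --limit-burst ${burst} -j ACCEPT
iptables -A ICMP_IN -p icmp -j DROP
# Send all inbound ICMP through the chain before any other INPUT rule.
iptables -I INPUT 1 -p icmp -j ICMP_IN
EOF
}

# Stand-alone use: sh icmp_rules.sh --print [rate] [burst]
if [ "${1:-}" = "--print" ]; then
    gen_icmp_rules "${2:-}" "${3:-}"
fi
```

Review the printed commands, then run them as root; on CentOS, `service iptables save` keeps them across reboots.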