Many ICMP Packets - I'm Being Hit
Nov 24, 2008My server is being hit by many ICMP packets. Very abnormal but many of them a from indonesian IP.
My server runs on cPanel + CSF.
Should I change CSF to APF? I read most antiDOS attack articles ICMP; eth0; 48 bytes; from 68.66.136.118.fast.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 125.167.122.253 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 48 bytes; from 179.subnet125-160-99.speedy.telkom.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1468 bytes; from 118.100.245.111 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ARP request for 202.71.103.231; eth0; 40 bytes; from 0011bb064fc1 to ffffffffffff
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.6.234.126 to pete.myserver.com; echo req
note: pete.myserver.com is my server
please advise solution it's causing me 10mbps of inbound bandwidth. my bandwidth is sufficient to handle those for now, but not for long if they increase. my munin shows 20mbps last night