If apache isn't even running on the pool server, is push pool still attack able if say I block all ICMP requests?
Depends on your configuration. If you set up pushpool to listen on a publicly accessible IP/port then it can still be directly attacked by people who know the IP address and port. They might, for example, send a flood of tcp connects that just linger until you run out of available connections for valid miners. This doesn't attack require ICMP.