On 26.03.2012 00:51, Simon McVittie wrote: > Markus, if you install devscripts and debian-keyring, you should be able > to download the packages from Alioth with dget, and verify the > signatures on them by running dscverify on the .changes file (they're > signed with my GPG key, which is in the Debian keyring).
Hi Simon, thank you for your quick response and your detailed report. Both are much appreciated. I have downloaded the amd64 package with dget and have compared the actual openarena server in squeeze with the patched version by monitoring the network traffic with iftop. Although my dedicated openarena server with 4 bots has been offline for more than 24h, the attacks resumed immediately. Once again the traffic was directed towards web servers. This time i saw nearly 2MB/s outgoing traffic to one target. After i had installed your patched version the traffic dropped to 8kb/s. In my opinion the patch is a vast improvement and mitigates the attack efficiently. But i can't explain why there is such a difference between your numbers and my observation though. However i would be happy if you could upload the patched version to the official repositories. Regards Markus
signature.asc
Description: OpenPGP digital signature
