RealSecure Denial of Service Condition


Reported August 22, 2000 by
Modulo Security Labs

  • Internet Security Systems' RealSecure 3.2.1 for NT
  • Internet Security Systems' RealSecure 3.2.1 and 3.2.2 for Solaris


    A denial of service attack can be launched against RealSecure by sending a flood of SYN packets with specific flags set. Such an attack can successfully prevent RealSecure from protecting its defined networks.

    By sending a heavy continous flood of the specifically crafted packets, the NT version of RealSecure will repeatedly crash and restart itself, where CPU loads could reach 100 percent utilization.

    By sending a much lighter stream of specifically craft SYN packets (approximately 50 packets per second) the Solaris version can be held at bay where the product cannot detect other ensuing attacks.


    According to the discoverer, Internet Security System (ISS) will issue a detailed advisory and fix for the problem. We will update this bulletin when the fix is available

    Discovered by
    Modulo Security Labs

  • Hide comments


    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.