Reported August 22, 2000 by Modulo Security Labs
- Internet Security Systems' RealSecure 3.2.1 for NT
A denial of service attack can be launched against RealSecure by sending a flood of SYN packets with specific flags set. Such an attack can successfully prevent RealSecure from protecting its defined networks.
By sending a heavy continous flood of the specifically crafted packets, the NT version of RealSecure will repeatedly crash and restart itself, where CPU loads could reach 100 percent utilization.
By sending a much lighter stream of specifically craft SYN packets (approximately 50 packets per second) the Solaris version can be held at bay where the product cannot detect other ensuing attacks.
According to the discoverer, Internet Security System (ISS) will issue a detailed advisory and fix for the problem. We will update this bulletin when the fix is available
Discovered by Modulo Security Labs