Open/Close connection flood

Risk Level: Medium

Check or Attack Name: openclose

Platforms: Any

Description:

The Open/Close connection flood attack opens and closes connections at a high rate to a port served by an external service through inetd. This can cause some services to slow down or refuse incoming connections, resulting in a denial of service.

Most inetd servers limit the number of connections allowed in a short period of time, to prevent an out-of-control client from overrunning system resources. If this number is quickly exceeded, the inetd server will shut off incoming connections for some amount of time (usually 6 minutes). The number of connections allowed before inetd shuts off is hard-coded into the inetd source code.

Remedy:

Increase the number of connections permitted before inetd shuts off incoming connections.

This number is hard-coded into the inetd source code. If you have the source code available, you can increase the value in the line beginning #define TOOMANY at the top of inetd.c.

If you do not have access to inetd source code, or do not feel comfortable making this change, contact your vendor for information on how to increase this value.
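The following is an added example, not code from inetd or from the original advisory: a simplified model of the limiter described above, showing how the value of TOOMANY decides whether a rapid series of connections shuts the service off. The 60-second counting window, the limits 40 and 256, and all names other than TOOMANY are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Simplified model of the limiter described above; not the real inetd.c. */
#define WINDOW_SECS  60   /* assumed length of the counting window */
#define SHUTOFF_SECS 360  /* the "usually 6 minutes" from the description */

struct service {
    int  toomany;         /* limit; the role TOOMANY plays in inetd.c */
    int  count;           /* connections seen in the current window */
    long window_start;    /* start of the current window, in seconds */
    long disabled_until;  /* connections are refused before this time */
};

/* Returns 1 if the connection arriving at time `now` is served, 0 if refused. */
int accept_conn(struct service *s, long now)
{
    if (now < s->disabled_until)
        return 0;                                /* still shut off */
    if (now - s->window_start >= WINDOW_SECS) {
        s->window_start = now;                   /* start a new window */
        s->count = 0;
    }
    if (++s->count > s->toomany) {
        s->disabled_until = now + SHUTOFF_SECS;  /* limit exceeded */
        return 0;
    }
    return 1;
}

/* Number of refused connections out of `n` arriving `gap` seconds apart. */
int refused_in_burst(int toomany, int n, long gap)
{
    struct service s = { toomany, 0, 0, 0 };
    int refused = 0;
    for (int i = 0; i < n; i++)
        refused += !accept_conn(&s, (long)i * gap);
    return refused;
}

int main(void)
{
    /* Constructed inputs: 100 connections, either all at once or 2 s apart. */
    printf("limit 40, rapid:  %d refused\n", refused_in_burst(40, 100, 0));
    printf("limit 256, rapid: %d refused\n", refused_in_burst(256, 100, 0));
    printf("limit 40, paced:  %d refused\n", refused_in_burst(40, 100, 2));
    return 0;
}
```

With the lower limit, every connection after the 40th is refused until the shutoff period ends, including connections from legitimate clients; with the higher limit the same series is served in full.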
