Open/Close Flood

By opening and closing connections at a high rate, an intruder can cause some services to slow down or refuse incoming connections, resulting in a denial-of-service attack.

The inetd server limits the number of connections allowed in a short period of time in order to prevent an out-of-control client from overrunning the system resources. If this number is quickly exceeded, the server will shut off incoming connections for some amount of time (usually 6 minutes). The number of connections allowed before inetd shuts off is hard-coded into the inetd source code. The scan engine attempts to exploit the open/close vulnerability and checks the results.

Risk: Medium

Fix: If you have source code available, you can increase the value of the number in the line:

#define TOOMANY

at the top of the inetd.c code. Otherwise, contact your vendor for information on how to increase this value.
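
The throttle described above, as a simplified C model added here for illustration (it is not inetd's source code). The struct, the function names and the limit, window and lockout values are hypothetical and constructed; the model shows why a rapid burst leaves the service refusing later clients and how a higher limit changes that.

```c
#include <stdio.h>
/* Simplified per-service throttle (assumed design; all values are constructed). */
struct throttle {
    int  limit;        /* connections allowed per window (the role TOOMANY plays) */
    long window;       /* length of the counting window, in seconds */
    long lockout;      /* how long the service stays off, in seconds */
    long window_start; /* start of the current counting window */
    int  count;        /* connections seen in the current window */
    long off_until;    /* service disabled until this time; 0 = enabled */
};

/* Returns 1 if the connection arriving at time `now` is served, 0 if refused. */
int throttle_accept(struct throttle *t, long now)
{
    if (t->off_until != 0) {
        if (now < t->off_until)
            return 0;                    /* still locked out */
        t->off_until = 0;                /* lockout expired: re-enable */
        t->window_start = now;
        t->count = 0;
    }
    if (now - t->window_start > t->window) {
        t->window_start = now;           /* start a new counting window */
        t->count = 0;
    }
    if (++t->count > t->limit) {
        t->off_until = now + t->lockout; /* limit exceeded: shut the service off */
        return 0;
    }
    return 1;
}

/* Feed n connections spaced `gap` seconds apart from t=0; return how many are refused. */
int refused_in_burst(int limit, long window, long lockout, int n, long gap)
{
    struct throttle t = { limit, window, lockout, 0, 0, 0 };
    int refused = 0;
    for (int i = 0; i < n; i++)
        if (!throttle_accept(&t, (long)i * gap))
            refused++;
    return refused;
}

int main(void)
{
    printf("limit 40, fast burst: %d refused\n", refused_in_burst(40, 60, 360, 100, 0));
    printf("limit 200, fast burst: %d refused\n", refused_in_burst(200, 60, 360, 100, 0));
    return 0;
}
```

In the model, every connection that arrives during the lockout is refused regardless of who sent it, which is the denial-of-service effect; a larger limit only moves the point at which that happens.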