Subject: inetd limits
To: None <tech-net@netbsd.org>
From: Tomas Svensson <tsn@gbdev.net>
List: tech-net
Date: 12/01/2001 20:10:54
Hi,

How about adding a concurrency limit in inetd so that only a specified
number of simultaneous invocations of each service may be started? The
"rate" protection used now is not very effective; by default someone
can start a service 39 times per minute until the system hits the
process or memory limits. I suggest adding these flags to inetd(8):

-c maximum
      Specify the default maximum number of simultaneous invocations
      of each service; the default is unlimited. May be overridden on
      a per service basis with the "max-child" parameter.

-d rate
      Specify the default maximum number of times a service can be
      invoked in one minute; the default is 40. May be overridden on
      a per service basis with the "max-rate" parameter.

And of course change the wait/nowait[:max] parameter in inetd.conf to
wait/nowait[:max-rate][:max-child].

I have already implemented and tested this locally and can submit
patches if needed.

-Tomas
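
The following is an added example, not the patch mentioned in the message and not inetd source: a sketch of parsing the proposed wait/nowait[:max-rate][:max-child] field and applying both limits before starting a service. The names svc_limits, parse_wait_field and may_start are hypothetical, and treating 0 as "unlimited" is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-service limits; 0 means "unlimited" (an assumption). */
struct svc_limits { int wait; int max_rate; int max_child; };

/* Parse "wait|nowait[:max-rate][:max-child]". Fields left out keep the
 * defaults passed in (the proposed -d and -c). Returns 0, or -1 if malformed. */
int parse_wait_field(const char *field, int def_rate, int def_child,
                     struct svc_limits *out)
{
    char buf[64], *p, *next = NULL, *end;
    int n = 0;

    if (strlen(field) >= sizeof(buf)) return -1;
    strcpy(buf, field);
    out->max_rate = def_rate;
    out->max_child = def_child;
    if ((p = strchr(buf, ':')) != NULL) *p++ = '\0';
    if (strcmp(buf, "wait") == 0) out->wait = 1;
    else if (strcmp(buf, "nowait") == 0) out->wait = 0;
    else return -1;
    for (; p != NULL; p = next) {
        long v;
        if ((next = strchr(p, ':')) != NULL) *next++ = '\0';
        if (++n > 2) return -1;              /* at most two numeric fields */
        v = strtol(p, &end, 10);
        if (end == p || *end != '\0' || v < 0 || v > 100000) return -1;
        if (n == 1) out->max_rate = (int)v; else out->max_child = (int)v;
    }
    return 0;
}

/* Admission check; both counters are ones the daemon would maintain. */
int may_start(const struct svc_limits *l, int started_this_minute, int running)
{
    if (l->max_rate > 0 && started_this_minute >= l->max_rate) return 0;
    if (l->max_child > 0 && running >= l->max_child) return 0;
    return 1;
}

int main(void)
{
    struct svc_limits l;
    /* Constructed sample: rate 40 per minute, at most 10 children. */
    if (parse_wait_field("nowait:40:10", 40, 0, &l) != 0) return 1;
    printf("rate ok, 10 running -> %d\n", may_start(&l, 12, 10));
    printf("rate ok, 9 running  -> %d\n", may_start(&l, 12, 9));
    return 0;
}
```

With only the rate check in force, a service whose children never exit keeps being admitted each minute; the max-child check is what bounds the number alive at once.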