diff -ur nrpe-2.5.2/include/common.h nrpe-2.5.2.timeouts/include/common.h
--- nrpe-2.5.2/include/common.h 2006-04-10 02:42:29.000000000 +0100
+++ nrpe-2.5.2.timeouts/include/common.h 2006-10-17 15:07:03.000000000 +0100
@@ -39,6 +39,7 @@
 #define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */
+#define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */
 #define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */
 #define MAX_FILENAME_LENGTH 256
diff -ur nrpe-2.5.2/include/nrpe.h nrpe-2.5.2.timeouts/include/nrpe.h
--- nrpe-2.5.2/include/nrpe.h 2006-02-23 22:48:26.000000000 +0000
+++ nrpe-2.5.2.timeouts/include/nrpe.h 2006-10-18 10:11:55.000000000 +0100
@@ -52,6 +52,7 @@
 int process_macros(char *,char *,int);
 int my_system(char *,int,int *,char *,int); /* executes a command via popen(), but also protects against timeouts */
 void my_system_sighandler(int); /* handles timeouts when executing commands via my_system() */
+void my_connection_sighandler(int); /* handles timeouts of connection */
 void sighandler(int);
 void child_sighandler(int);
diff -ur nrpe-2.5.2/sample-config/nrpe.cfg.in nrpe-2.5.2.timeouts/sample-config/nrpe.cfg.in
--- nrpe-2.5.2/sample-config/nrpe.cfg.in 2006-02-23 22:48:26.000000000 +0000
+++ nrpe-2.5.2.timeouts/sample-config/nrpe.cfg.in 2006-10-17 15:12:25.000000000 +0100
@@ -126,6 +126,15 @@
 command_timeout=60
+# CONNECTION TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# wait for a connection to be established before exiting. This is sometimes
+# seen where a network problem stops the SSL being established even though
+# all network sessions are connected. This causes the nrpe daemons to
+# accumulate, eating system resources. Do not set this too low.
+
+connection_timeout=300
+
 # WEEK RANDOM SEED OPTION
 # This directive allows you to use SSL even if your system does not have
diff -ur nrpe-2.5.2/src/nrpe.c nrpe-2.5.2.timeouts/src/nrpe.c
--- nrpe-2.5.2/src/nrpe.c 2006-04-28 17:41:54.000000000 +0100
+++ nrpe-2.5.2.timeouts/src/nrpe.c 2006-10-18 10:13:08.000000000 +0100
@@ -52,6 +52,7 @@
 char server_address[16]="0.0.0.0";
 int socket_timeout=DEFAULT_SOCKET_TIMEOUT;
 int command_timeout=DEFAULT_COMMAND_TIMEOUT;
+int connection_timeout=DEFAULT_CONNECTION_TIMEOUT;
 char *command_prefix=NULL;
 command *command_list=NULL;
@@ -476,6 +477,14 @@
 }
 }
+ else if(!strcmp(varname,"connection_timeout")){
+ connection_timeout=atoi(varvalue);
+ if(connection_timeout<1){
+ syslog(LOG_ERR,"Invalid connection_timeout specified in config file '%s' - Line %d\n",filename,line);
+ return ERROR;
+ }
+ }
+
 else if(!strcmp(varname,"allow_weak_random_seed"))
 allow_weak_random_seed=(atoi(varvalue)==1)?TRUE:FALSE;
@@ -963,6 +972,10 @@
 fcntl(sock,F_SETFL,O_NONBLOCK);
 #endif
+ /* Set connection handler */
+ signal(SIGALRM,my_connection_sighandler);
+ alarm(connection_timeout);
+
 #ifdef HAVE_SSL
 /* do SSL handshake */
 if(result==STATE_OK && use_ssl==TRUE){
@@ -1072,6 +1085,9 @@
 if(debug==TRUE)
 syslog(LOG_DEBUG,"Host is asking for command '%s' to be run...",receive_packet.buffer);
+ /* Disable connection alarm. A new alarm will be setup during my_system */
+ alarm(0);
+
 /* if this is the version check command, just spew it out */
 if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
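Review bot: The new `connection_timeout` branch in the config parser (hunk @@ -476) parses the value with `atoi(varvalue)`, which accepts trailing garbage such as `300s` and has undefined behaviour when the number is out of range, so the `<1` check alone does not prove the setting is sane. Parsing with `strtol` and rejecting anything not fully consumed would close that gap: `char *end; errno=0; long v=strtol(varvalue,&end,10);` followed by `if(end==varvalue || *end!='\0' || errno==ERANGE || v<1 || v>INT_MAX) return ERROR;`. There is also no upper bound, so a very large value silently turns the protection off; a warning above some ceiling would make that visible. The neighbouring `allow_weak_random_seed` line in context uses `atoi` too, so this matches the file's existing style, and the enclosing function starts and ends outside the hunk.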
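Review bot: The alarm armed before the SSL handshake (hunk @@ -963) is cancelled only by the `alarm(0);` added in hunk @@ -1072, so any earlier return from this function leaves SIGALRM pending with `my_connection_sighandler` still installed. That is harmless only if every such path ends the process promptly; those exits are outside the hunks, so either confirm it or add `alarm(0);` before each early `return`. The handler is also registered with `signal()`, whose reset and restart semantics differ between platforms; `sigaction()` with explicit `sa_flags` would make the behaviour predictable. A short comment at the `alarm(connection_timeout);` line stating that the window covers the handshake and the request read, not just connection set-up, would match what the code does better than the sample-config wording.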
@@ -1399,6 +1415,11 @@
 exit(STATE_CRITICAL);
 }
+/* handle errors where connection takes too long */
+void my_connection_sighandler(int sig) {
+ syslog(LOG_ERR,"Connection has taken too long to establish. Exiting...");
+ exit(STATE_CRITICAL);
+ }
 /* drops privileges */
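Review bot: `my_connection_sighandler` calls `syslog()` and `exit()` from a SIGALRM handler, and neither is async-signal-safe. If the alarm fires while the process is inside the allocator or a logging call, which is plausible during the SSL handshake this timeout is meant to bound, the handler can deadlock and the stalled daemon is never reaped. The handler should end with `_exit(STATE_CRITICAL);` and do no logging itself; logging the peer address where the alarm is armed would still let an operator identify the stalling client. The handler just above in context ends with the same `exit(STATE_CRITICAL);`, so it probably deserves the same change.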