Carefully go through the output of the commands and note these points:
An unusually high number of half-open sessions can indicate the occurrence of a denial-of-service attack.
For TCP, half-open means that the session has not reached the established state. For User Datagram Protocol (UDP), half-open means that the firewall has detected traffic from only one direction.
When the number of existing half-open sessions rises above a threshold (the max-incomplete high number), the software deletes half-open sessions as necessary to accommodate new connection requests.The software continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below another threshold (the max-incomplete low number).
View the current max-incomplete low/high thresholds set. If the threshold is low, issue the ip inspect max-incomplete high command in global configuration mode to raise the number of existing half-open sessions.This action causes the software to delete half-open sessions.