Resource Starvation

Connection Exhaustion

A connection exhaustion attack consumes all available connection slots on a target peer. Each connection is individually legitimate — proper handshake, valid Peer ID — but the volume prevents honest peers from connecting.

Unlike an eclipse, the target's routing table isn't poisoned — it simply runs out of capacity to accept new connections.

Controls

14 nodes
Honest
Malicious
Victim
Isolated

Network Metrics

LIVE
Health100%
Delivery100%
Attack0%
14
Honest
0
Malicious
Simulation Steps1 / 5

Normal Operation

The target node (yellow) has available connection slots and communicates freely with honest peers. The Connection Manager enforces a high watermark — when reached, low-priority connections are pruned to make room.

Slow Connection Buildup

The attacker establishes connections to the target gradually — staying under rate limits. Each connection appears legitimate and goes through the full Noise/TLS handshake. The attacker maintains these connections by keeping them alive with periodic pings.

Connection Slots
30%

Connection Slots Filling

More attacker connections arrive. The target's connection slots are 80% consumed by attacker-maintained connections. New honest peers trying to connect start getting rejected. The Connection Manager prunes low-scored connections — but the attacker's connections score normally because they complete handshakes properly.

Connection Slots
30%

Target Exhausted

The target's connection slots are fully consumed. All honest peer connections have been pruned or cannot be established. The target is effectively isolated — not because its routing table is poisoned, but because it simply cannot accept any more connections. Unlike an eclipse, the target knows it's under attack but cannot do anything about it.

Connection Slots
30%

Defense: Per-Peer Limits

The Resource Manager's per-peer limits are the primary defense: (1) Max connections per peer — no single source can consume all slots; (2) Max connections per IP/subnet (CIDR limits) — prevents Sybil-scale exhaustion from one machine; (3) Connection Gater blocks connections from known-bad peers before resource allocation; (4) Decay-based scoring deprioritizes peers that only consume without contributing.

Connection Slots
30%

Technical Details

Connection Manager Watermarks

high_watermark = 256 # Begin pruning phase
low_watermark = 160 # Target count after pruning

When connections exceed the high watermark, the system enters an aggressive pruning phase to prevent resource exhaustion.

Connection Manager

The Connection Manager tracks active streams and handshakes. When limits are reached, it uses a scoring heuristic to identify and disconnect low-value or idle peers to make room for new connections.

Resource Limits

The Resource Manager enforces hard caps on connections from any single peer or IP subnet (CIDR limits). This prevents an attacker from one machine consuming all slots even if they use multiple identities.