LND Channel Jamming: Detect and Defend Against HTLC DoS Attacks
What is Channel Jamming?
Channel jamming is a denial-of-service attack on Lightning Network routing nodes. An attacker sends payments through your channels but never resolves them, locking up your liquidity for hours until HTLCs expire.
Two Types of Jamming
Slot jamming: fills all 483 HTLC slots per channel with small payments.
Liquidity jamming: sends one large payment to lock maximum capacity.
Detect Jamming with LND
Monitor pending HTLCs:
lncli listchannels | jq '.channels[] | {chan_id: .chan_id, pending_htlcs: .pending_htlcs | length}'
Check for HTLC count near limit (483):
lncli listchannels | jq '.channels[] | select(.pending_htlcs | length > 400)'
Mitigation Strategies
1. HTLC endorsement: route only endorsed HTLCs (coming in future LND versions)
2. Fee bumping: set minimum fee high enough to make jamming expensive
3. Channel reputation: track per-peer HTLC resolution time, close consistently slow peers
4. Circular routing: use circular rebalancing to detect unusual patterns
Rate-Limit HTLCs per Peer
In lnd.conf, limit max HTLCs in flight:
[channel]
max-commitment-fee-rate-anchors=30000
# Also set per-peer HTLC limits via channel update
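Use channel policies to restrict HTLC sizes. lncli updatechanpolicy also requires --time_lock_delta; the 80 below is an example value, so substitute your node's own setting:
lncli updatechanpolicy --max_htlc_msat 50000000 --min_htlc_msat 1000 --fee_rate 0.001 --base_fee_msat 1000 --time_lock_delta 80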
Monitor and Alert
#!/bin/bash
# Alert if any channel has >400 pending HTLCs
COUNT=$(lncli listchannels | jq '[.channels[] | select(.pending_htlcs | length > 400)] | length')
if [ "$COUNT" -gt 0 ]; then
  echo "WARNING: $COUNT channels may be under jamming attack"
fi
Run this every 5 minutes via cron for early warning.
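The pending-HTLC count only catches slot jamming. The following Python script is an added example, not part of the original guide: it reads lncli listchannels JSON and flags both jamming types. The 50% locked-capacity threshold and the sample channel data are assumptions constructed for illustration.

```python
import json
import sys

SLOT_ALERT = 400          # same pending-HTLC threshold as the jq check in the guide
LOCKED_RATIO_ALERT = 0.5  # assumption: flag when >50% of capacity is locked in HTLCs


def assess_channels(listchannels_json):
    """Return a finding for each channel that looks slot- or liquidity-jammed."""
    findings = []
    for chan in json.loads(listchannels_json).get("channels", []):
        htlcs = chan.get("pending_htlcs") or []
        capacity = int(chan.get("capacity", 0))
        # lncli prints 64-bit amounts as strings, so normalise with int().
        locked = sum(int(h.get("amount", 0)) for h in htlcs)
        ratio = locked / capacity if capacity else 0.0
        reasons = []
        if len(htlcs) > SLOT_ALERT:
            reasons.append("slot")        # many HTLCs, regardless of size
        if ratio > LOCKED_RATIO_ALERT:
            reasons.append("liquidity")   # few HTLCs can still lock most capacity
        if reasons:
            findings.append({
                "chan_id": chan.get("chan_id"),
                "pending_htlcs": len(htlcs),
                "locked_sat": locked,
                "locked_ratio": round(ratio, 3),
                "reasons": reasons,
            })
    return findings


def constructed_sample():
    """Constructed listchannels output: slot-jammed, liquidity-jammed, healthy."""
    tiny = [{"incoming": True, "amount": "1", "expiration_height": 850000}] * 450
    big = [{"incoming": True, "amount": "900000", "expiration_height": 850100}]
    normal = [{"incoming": False, "amount": "20000", "expiration_height": 849900}] * 2
    return json.dumps({"channels": [
        {"chan_id": "111", "capacity": "5000000", "pending_htlcs": tiny},
        {"chan_id": "222", "capacity": "1000000", "pending_htlcs": big},
        {"chan_id": "333", "capacity": "2000000", "pending_htlcs": normal},
    ]})


if __name__ == "__main__":
    # Pipe `lncli listchannels` in, or run with no input to use the sample.
    raw = constructed_sample() if sys.stdin.isatty() else sys.stdin.read()
    for finding in assess_channels(raw):
        print("WARNING:", finding)
```

A single 900,000 sat HTLC on a 1,000,000 sat channel is reported here even though its HTLC count is far below the slot threshold.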