Back to All Scenarios
PASSEDqueue / connection_storm
MSMQ Connection Storm — SYN Flood or Client Bug on Windows 11 Enterprise
MSMQ is receiving thousands of new connections per second, overwhelming the accept queue. Legitimate connections being dropped.
Pattern
CONNECTION_REFUSED
Severity
CRITICAL
Confidence
68%
Remediation
Auto-Heal
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | CONNECTION_REFUSED | CONNECTION_REFUSED | |
| Severity Assessment | HIGH | CRITICAL | |
| Incident Correlation | N/A | None | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Auto-Heal — Corax resolves autonomously |
Scenario Conditions
Windows 11 Enterprise. MSMQ seeing 25964 new connections/sec (normal: 119). SYN backlog full. accept queue overflowing. net.core.somaxconn=1976.
Injected Error Messages (1)
MSMQ on Windows 11 Enterprise — connection refused for legitimate clients, 25964 new conns/sec (normal: 119), SYN backlog full, accept queue overflow, ECONNREFUSED
Neural Engine Root Cause Analysis
Connection refused — service is likely crashed or not listening on the expected port.
Remediation Plan
Restart the target service. If recurring, check for memory leaks or crash loops.
Improvements Applied
- Severity: CRITICAL (expected HIGH)
Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnr1bx08nslig7aaw513b8