Tether your data.
Distance-based destination control, decided by the operator. Tell a database it can talk to the hosts in its own rack and nothing beyond. Measure the hop count and set the limit; the AI sanity-checks the rule against today's flows before it ships, and the router confirms it stuck. Reversible in seconds.
Available as a per-agent add-on on Business tier and above. Part of the DataStun toolkit — bundled with the agent, the dashboard, the sovereignty rollup, and the rest.
Every device on your network ships with a default TTL (Time-to-Live) that lets its packets cross 64 or 128 routers before they die: enough to reach Pyongyang from Podunk. Why does your Oracle database need that?
Linux and macOS default TTL: 64. Windows default TTL: 128. Router maximum TTL: 255, the largest value the 8-bit field can hold.
TTL is a field every IPv4 packet already carries (IPv6 calls it Hop Limit): a counter that each router decrements before forwarding. The router that takes it to zero drops the packet and sends back an ICMP "Time Exceeded" naming itself. Hop Starvation puts that field to work on purpose.
Set a maximum reach per device, per application, per destination port. An MSSQL server with a 2-hop limit can reach its own subnet and the hosts directly behind its rack's router, and nothing beyond; switches never decrement TTL, so the first hop that counts is that router.
The operator measures the hop count to a destination, picks the limit with a small buffer, and applies. The agent enforces. Don’t like what you see? One toggle, the rule is gone. Every rule has an author, a reason, and a clean back-out.
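As an added example, not part of this page and not DataStun's agent code, the forwarding model below shows what the mechanism just described does to a packet: which destinations a TTL of 2 reaches, how a traceroute-style measurement finds the hop count, and how a limit with a buffer is derived from it. The router names and paths are constructed for illustration.

```python
# Added example, not DataStun's code: a small forwarding model of the TTL mechanism.
# Topology and router names are constructed for illustration.
from typing import Optional

# Ordered routers between a database host and each destination (empty = same subnet).
PATHS: dict[str, list[str]] = {
    "replica-same-rack": [],
    "backup-next-hall":  ["tor-a1"],
    "analytics-campus":  ["tor-a1", "core-1"],
    "payments-saas":     ["tor-a1", "core-1", "edge-fw", "isp-pe1", "isp-core", "saas-edge"],
}


def forward(routers: list[str], ttl: int) -> tuple[bool, Optional[str]]:
    """Send one packet with the given initial TTL along `routers`.

    Each router decrements the TTL before forwarding; the router that takes it
    to zero drops the packet and answers with ICMP Time Exceeded (type 11,
    code 0) naming itself. Switches are not on the list: they do not decrement.
    Returns (delivered, router_that_dropped_it).
    """
    if ttl < 1:
        return False, None          # the sending stack never emits TTL 0
    for router in routers:
        ttl -= 1
        if ttl == 0:
            return False, router
    return True, None


def measure_hops(routers: list[str], max_ttl: int = 64) -> list[tuple[int, str]]:
    """Traceroute-style measurement: probes with TTL 1, 2, ... and who answered each.
    The destination first answers at TTL = number of routers + 1."""
    trace: list[tuple[int, str]] = []
    for probe_ttl in range(1, max_ttl + 1):
        delivered, dropper = forward(routers, probe_ttl)
        trace.append((probe_ttl, "destination" if delivered else dropper))
        if delivered:
            break
    return trace


def derive_limit(trace: list[tuple[int, str]], buffer: int = 1) -> int:
    """The TTL an operator would apply for this destination: the probe TTL at
    which it first answered, plus a small buffer in case the path gains a hop."""
    answered = [t for t, who in trace if who == "destination"]
    if not answered:
        raise ValueError("destination never answered; do not derive a limit from a failed probe")
    return answered[0] + buffer


def reach_report(ttl: int) -> dict[str, str]:
    """What each known destination sees when this host's packets carry `ttl`."""
    report = {}
    for name, routers in PATHS.items():
        delivered, dropper = forward(routers, ttl)
        report[name] = "reachable" if delivered else f"dropped at {dropper} (ICMP Time Exceeded)"
    return report


if __name__ == "__main__":
    print(reach_report(2))                                      # the MSSQL 2-hop case
    print(derive_limit(measure_hops(PATHS["payments-saas"])))   # pinhole TTL for the SaaS endpoint
```

With TTL 2 the host reaches its own segment and the far side of one router and is dropped by the second router, which is the "Time Exceeded" the agent would later log as confirmation. Note that a limit is derived only from a probe that actually reached the destination; a failed measurement must not produce a rule.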
Before any new rule ships, an AI check reviews what the rule would do to the active flows on the target agent and flags anything that would silently break a working service. Rules ship with understanding, not hope.
No central chokepoint. Every endpoint and gateway carries its own reach rules and enforces them in parallel — Linux iptables, Windows WinDivert, gateway FORWARD rules. There is nothing in the middle to fail.
One-click coverage for databases, file shares, directory services, remote-management protocols, message queues, virtualization platforms, and backup systems. Add your own crown-jewel ports for anything custom.
Agents probe every infrastructure port with TCP SYN and UDP traceroute to find ports whose traffic today leaks past the private network. Exposed ports surface in the dashboard with a one-click fix.
Need SSH to one specific external server? Measure the hops to that server, add a small buffer, and create a pinhole that allows traffic only to that destination, only at that distance. Not the whole internet.
The router itself confirms the rule held. Agents log the ICMP "Time Exceeded" that comes back when a probe hits the boundary; if enforcement quietly stops working, the dashboard tells you within the next cycle. Routers rate-limit Time Exceeded and some networks filter ICMP, so the message confirms the rule when it arrives; its absence on its own is not proof either way.
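As an added example covering the enforcement described above (Linux iptables on the endpoint, FORWARD rules on a gateway) and the per-destination pinholes, the code below turns a reach policy into mangle-table rules and models what TTL a given packet would actually leave with. It is not DataStun's agent code; the policy values, addresses and reasons are constructed. It uses the iptables TTL target (xt_TTL) and the comment match, both standard iptables extensions.

```python
# Added example (not DataStun's own agent code): turning a reach policy into Linux
# enforcement rules and checking the TTL a given packet would leave with.
# Uses the iptables TTL target (xt_TTL) in the mangle table. Policy values are constructed.
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Pinhole:
    dst: str      # address or CIDR the pinhole opens towards
    ttl: int      # measured hop count plus a small buffer
    reason: str   # recorded with the rule so the back-out is understandable


@dataclass
class PortCap:
    proto: str    # "tcp" or "udp"
    port: int     # destination port, e.g. 1433 for MSSQL
    ttl: int      # reach cap for this port when no pinhole matches
    reason: str
    pinholes: list[Pinhole] = field(default_factory=list)


def iptables_rules(caps: list[PortCap], chain: str = "OUTPUT") -> list[str]:
    """Emit mangle-table rules in the order they must be installed.

    The TTL target does not stop rule traversal, so each pinhole is followed by
    an ACCEPT (terminating for this chain only); without it the port-wide cap
    rule below would rewrite the TTL again and silently close the pinhole.
    Use chain="FORWARD" on a gateway enforcing for the hosts behind it.
    """
    rules: list[str] = []
    for cap in caps:
        match = f"-p {cap.proto} --dport {cap.port}"
        for ph in cap.pinholes:
            comment = f'-m comment --comment "{ph.reason}"'
            rules.append(f"iptables -t mangle -A {chain} -d {ph.dst} {match} {comment} -j TTL --ttl-set {ph.ttl}")
            rules.append(f"iptables -t mangle -A {chain} -d {ph.dst} {match} -j ACCEPT")
        rules.append(f'iptables -t mangle -A {chain} {match} -m comment --comment "{cap.reason}" -j TTL --ttl-set {cap.ttl}')
    return rules


def effective_ttl(caps: list[PortCap], proto: str, port: int, dst: str) -> Optional[int]:
    """Model the chain traversal above: the TTL a packet leaves with, or None if
    no rule touches it (it keeps the OS default)."""
    addr = ipaddress.ip_address(dst)
    for cap in caps:
        if cap.proto != proto or cap.port != port:
            continue
        for ph in cap.pinholes:
            if addr in ipaddress.ip_network(ph.dst, strict=False):
                return ph.ttl        # pinhole set the TTL and its ACCEPT ended traversal
        return cap.ttl               # port-wide cap
    return None


# Constructed policy for a database host: MSSQL stays in the rack, SSH gets one measured pinhole.
POLICY = [
    PortCap("tcp", 1433, 2, "MSSQL: rack only"),
    PortCap("tcp", 22, 2, "SSH: rack only",
            pinholes=[Pinhole("203.0.113.10", 8, "jump host, measured 7 hops + 1")]),
]

if __name__ == "__main__":
    for line in iptables_rules(POLICY):
        print(line)
```

The ordering is the point: a pinhole rule placed after the port-wide cap, or without its terminating ACCEPT, produces a rule set that looks right in a listing and still strangles the pinholed destination. The same chain generated with chain="FORWARD" belongs on a gateway, where it should additionally be restricted with a source match to the hosts it is enforcing for.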
The TTL technique is well known. What makes our implementation worth buying is the posture we built around it — six choices that distinguish DataStun’s version from the alternatives.
Every rule starts with a real hop measurement to a real destination. The agent probes, returns the actual hop count, and the operator picks the limit. We don’t derive the TTL from a model or a heuristic — the number you apply is grounded in what the network actually does today.
The TTL value is your choice, not the platform’s. The AI assists by checking what the rule would break against today’s flows on that agent; the operator still pulls the trigger. Every rule has an author, a reason, and a one-click reverse.
The AI reviews the impact before the rule is enforced — not after the support ticket arrives. Rules that would silently break a working service surface as warnings the operator can see and override or rewrite.
Hop Starvation is a setting on each agent in the same dashboard you already use to see your fleet. Enable on the database server, leave laptops alone. No new appliance to size, no new console to learn, no separate license server.
$10 per agent per month, pro-rated on enable / disable, no commitment beyond the month. You read it on this page; you don’t need to schedule a call. Buy it only for the agents that need it.
Hop Starvation lives next to the sovereignty rollup (where did data go), AI Governance (who’s using what), the global blocklist (known-bad destinations), and the rest of the platform. One agent, one dashboard. Hop Starvation is the lever; the rest of the platform is the instrument panel.
Three concentric reach tiers, named for what they actually scope. Mix and match per device, per app, or per port. The TTL value is how the boundary is enforced; the tier is how you decide.
The segment your device is on, and at most the next router. Databases, message queues, internal APIs that should never leave the rack. The tightest tier.
The company network — campus apps, file shares, directory services. Broad enough for your users to work; tight enough that the internet edge is the stop line.
Specific external destinations you measured (a payment processor, a SaaS endpoint) plus a small buffer. Pinholes you decided on — not the open internet.
Every device ships with TTL 64 (Linux, macOS), 128 (Windows) or 255 (routers). That is packet reach deep into the internet by default, not because anyone authorised it but because the OS vendor picked a number that would not interfere with legitimate traffic. Hop Starvation inverts the default: limit reach to the tier you chose, then open pinholes for the specific destinations you measured. The reach budget is set by the operator, not the OS vendor.
A firewall is a single chokepoint enforcing an address list. Hop Starvation is every endpoint enforcing a distance. The two solve different problems — and the distance-based side is the one your firewall can’t.
| Capability | Hop Starvation | Traditional firewall |
|---|---|---|
| Enforcement point | Every device + gateway | Centralized chokepoint |
| Lateral-movement prevention | Packet-level TTL zones | Requires complex ACLs |
| Data-exfiltration control | Packets die at the trust boundary | Post-facto DLP heuristics |
| Per-app distance limits | Per-port, per-protocol TTL | Requires NAC + VLAN |
| Topology-bound segmentation | Native — TTL is distance | Not a concept |
| Single point of failure | None — distributed | Firewall itself |
| Rule verification | ICMP Time-Exceeded confirms | Log analysis only |
| Deployment | Agent install or gateway rule | Network redesign |
Network equipment vendors announce CVEs on a schedule you can set a clock by. Patches take weeks or months to deploy. During that window, a gateway whose management ports accept packets from any distance is reachable from every IP on the planet.
Hop Starvation on the gateway itself caps management ports (SSH, SNMP, HTTPS) to five hops, which covers your NOC and your vendor's support team and does not cover adversaries 30 hops away. Attack surface goes from galactic to local. An inbound cap is judged from the TTL a packet still carries when it arrives, so it holds only when your legitimate management clients send with a known starting TTL; the GTSM pattern (RFC 5082) has them send 255, a value no distant sender can exceed.
Even if a hop or two leaks past the boundary, who is two hops from your ISP? Their other customers. Not nation-state actors — and not the worm scanning every IPv4.
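As an added example of the inbound gateway cap described above, written in the GTSM style of RFC 5082 and not DataStun's implementation, the code below shows why the cap is only a distance check when legitimate clients send with TTL 255, and what happens to it when the common OS defaults are accepted as starting values too. All hop counts and TTLs are constructed.

```python
# Added example (not DataStun's implementation): judging inbound distance on a gateway's
# management port from the TTL a packet still carries on arrival, GTSM style (RFC 5082).
# All hop counts and TTLs below are constructed.
MAX_TTL = 255            # largest value the 8-bit field can hold; no sender can exceed it
MGMT_MAX_HOPS = 5        # the gateway cap on this page: NOC and vendor support, nothing farther


def ttl_on_arrival(initial_ttl: int, hops: int) -> int:
    """TTL left after crossing `hops` routers; 0 means the packet died on the way."""
    return max(initial_ttl - hops, 0)


def accept_strict(ttl_seen: int, max_hops: int = MGMT_MAX_HOPS) -> bool:
    """GTSM rule: legitimate clients send with TTL 255 and the gateway accepts only
    packets that have lost at most `max_hops`. A far-away sender cannot push its
    TTL above 255, so it cannot make itself look near."""
    return ttl_seen > 0 and ttl_seen >= MAX_TTL - max_hops


def accept_lenient(ttl_seen: int, max_hops: int = MGMT_MAX_HOPS,
                   initials: tuple[int, ...] = (64, 128, 255)) -> bool:
    """The tempting shortcut: also accept the common OS defaults as the starting TTL
    so unconfigured clients keep working. This is no longer a distance check: a
    sender 30 hops away that sets its own TTL to 255 arrives at 225 and passes
    as a 'near' Windows or Linux host."""
    return ttl_seen > 0 and any(ttl_seen >= i - max_hops for i in initials)


def verdicts(hops: int, initial_ttl: int) -> dict[str, bool]:
    """Both checks for one sender, e.g. verdicts(hops=30, initial_ttl=255)."""
    seen = ttl_on_arrival(initial_ttl, hops)
    return {"strict": accept_strict(seen), "lenient": accept_lenient(seen)}


if __name__ == "__main__":
    print("NOC, 3 hops, TTL 255:     ", verdicts(3, 255))
    print("attacker, 30 hops, TTL 255:", verdicts(30, 255))
    print("NOC, 3 hops, default 64:  ", verdicts(3, 64))
```

The price of the strict check is that the NOC and vendor hosts must actually send with 255, for example with net.ipv4.ip_default_ttl=255 on a Linux jump host or the IP_TTL socket option in the management client; an unconfigured client at three hops arrives with 61 and is rejected, which is the correct failure.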
Hop Starvation is a per-agent add-on, not a tier. Buy it for the agents that protect your crown jewels — not every laptop.
Per-agent monthly subscription. Available on Business tier and above. Enable and disable per agent from the fleet dashboard. Gateway pricing (UCG, MikroTik, Linux routers) available separately.
Minimum one agent; no commitment beyond the month. Pro-rated on enable/disable. Volume discounts and annual/multi-year pricing available.