It would be handled to the point where decryption was tried, then it would be seen as junk. So not all the way up the stack but the node would be disconnected form us as it would be seen as faulty.
the connection would be closed as it could not communicate. I am not sure what you mean with a half open connection here. There used to be attacks in hhtp where asking for many pages slowly used up all the sockets, maybe that is what you mean. For us that would not work too well as nodes don’t connect to multiple IP:port combos but only a known ip:port combo, except for clients, whose connection is a lower priority than a node. (late Sunday night, so I might be missing your point here)