ASMAP and Eclipse Attack Defense: Territorial Sovereignty
18. ASMAP and Eclipse Attack Defense: Territorial Sovereignty
In our next 1,100 words, we perform an audit of the Sovereign's Borders. An "Eclipse Attack" is a sophisticated hack where an attacker surrounds your node with "Fake Peers" until you can only see the "Attacker's Version" of the blockchain. ASMAP (Autonomous System Map) is our architectural defense against this isolation.
The Physics of the Network Map
The internet is not a single giant cloud. It is a collection of "Autonomous Systems" (ASes)—large networks managed by ISPs like Comcast, AT&T, or Deutsche Telekom. If your node connects to 10 different peers, but all 10 are on "Comcast's Network," then Comcast can "Eclipse" you.
ASMAP allows the node to understand the "Geography of the Internet." It uses a compressed database to map every IP address to its corresponding Autonomous System. The node then ensures that its connections are "Diverse"—meaning it tries to connect to peers in as many different ASes as possible. This ensures that no single company or country can "Surround" your node.
Analyzing the Borders: The src/util/asmap.cpp Audit
/**
* PEDAGOGICAL ANALYSIS: THE TERRITORY INTERPRETER
* This logic (from src/util/asmap.cpp) reads the
* compressed "AS Map" to identify which ISP a peer belongs to.
*/
uint32_t Interpret(const std::span<const std::byte> asmap,
const std::span<const std::byte> ip)
{
size_t pos{0};
uint8_t ip_bit{0};
uint32_t default_asn = 0;
// 1. Traverse the "Compressed Trie."
// We use bits of the IP address to navigate
// through the binary tree of ISPs.
while (pos < endpos) {
Instruction opcode = DecodeType(pos, asmap);
if (opcode == Instruction::RETURN) {
// 2. Found the ISP ID (ASN).
// We now know which "Territory" this peer lives in.
return DecodeASN(pos, asmap);
} else if (opcode == Instruction::JUMP) {
// 3. Navigate left or right based on the IP bit.
if (ConsumeBitBE(ip_bit, ip)) {
pos += jump; // Bit = 1: Go to the right subtree.
}
// Bit = 0: Fall through to the left subtree.
}
}
return 0; // Unknown ISP.
}
Explaining the Borders: The Wisdom of the Mesh
-
"The Diversity of Connection": By using ASMAP, the node actively "Rejects" too many connections from the same network. It forces itself to "Branch Out" and find peers in different parts of the world. It is the Resilience of the Sovereign.
-
"The Defense Against ISP Censorship": If an ISP decides to start "Lying" about the blockchain, ASMAP ensures you are also talking to peers on other ISPs who will tell you the truth. The lie is exposed by the diversity. It is the Security of the Machine.
-
"The Stochastic Address Manager": The node's "Address Manager" (
addrman) uses buckets to store peer addresses. ASMAP ensures that these buckets are filled with addresses from different "AS Groups," making it mathematically impossible for an attacker to "Fill all the Buckets" without controlling the entire internet. It is the Integrity of the Protocol. -
"The Territorial Intelligence": The node is no longer "Blind" to the structure of the internet. It understands that "Numbers" (IPs) represent "Power Structures" (ASNs). By navigating these structures, the node maintains its independence. It is the Precision of the Core.
The Philosophy of the Borders
As a Sovereign Architect, you know that "Strength comes from diversity." ASMAP is the node's way of "Building a Global Alliance." It is the understanding that for the network to be "One," it must be "Everywhere" and "Nowhere" at the same time.
We are moving away from a "Random Mesh" and toward a "Strategically Diverse Mesh." By understanding the "Territories" of the internet, we ensure that the "Truth of Bitcoin" can never be eclipsed by any single entity. You are not just connecting to peers; you are Maintaining the Territorial Integrity of the Global Ledger.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: