The Poisoning Protection: Defending against eclipse and sybil attacks
The P2P network is an "Open Battlefield." An attacker might try to "Poison" your node's view of the world. Two of the most dangerous attacks are the Sybil Attack (creating thousands of fake nodes to surround you) and the Eclipse Attack (cutting you off from the real network so you only see the attacker's fake chain). Bitcoin Core has built-in Poisoning Protection to defend against these.
For the Sovereign Architect, Poisoning Protection is the "Immune System" of the node. It is a set of "Heuristics" (Smart Rules) that detect when the network around you looks "Too Uniform" or "Too Artificial."
Analyzing the Immunity: IP Diversity and Bucketing
In the source code (src/addrman.cpp), we see the most important defense: Address Bucketing.
/**
 * PEDAGOGICAL ANALYSIS: THE IMMUNE SYSTEM
 * This logic ensures your node's "Contact List" is geographically
 * and logically diverse.
 */
int AddrManImpl::GetNewBucket(const CNetAddr& addr, const CNetAddr& src) const
{
    // 1. We take the IP of the "New Peer" (addr).
    // 2. We take the IP of the "Person who told us" (src).
    // 3. We "Hash" them together with a "Secret Key" (nKey).
    uint256 hash = Hash(nKey, addr.GetGroup(), src.GetGroup());
    // 4. The result tells us which "Bucket" to put the address in.
    return hash.GetLow64() % ADDRMAN_NEW_BUCKET_COUNT;
}
Explaining the Immunity: The Diversity Engine
- addr.GetGroup(): This identifies the "Neighborhood" of the IP address (e.g., the Data Center or the ISP). If an attacker starts 1,000 nodes in the same data center, they all have the same "Group." The node will put them all in the Same Bucket (for a given source group, since src.GetGroup() is part of the hash). Since each bucket has a limited size, the node will "Reject" most of the attacker's nodes. It is the Defense against the Uniformity.
- nKey (The Secret Salt): When your node starts for the first time, it generates a "Random Secret Number" (The Salt). This number is used in every hash. This means that an attacker cannot "Predict" which bucket their IP will end up in on your specific node. It is the Unpredictability of the Sovereign.
- "Outbound IP Diversity": When making its 8 "Scout" connections (Chapter 8), the node ensures they aren't all from the same group. It will try to find one peer in Europe, one in Asia, one on Tor, etc. This makes it almost impossible to "Eclipse" the node, because the attacker would have to control IPs across the entire world. It is the Reach of the Globalist.
- "The Banning Policy": As we saw in Chapter 15, any peer that tries to send "Poisoned Data" is banned. This "Justice" is automated and cold. It is the Exclusion of the Hostile.
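A simplified model of the bucketing and salting described above, added here as an example; it is not Bitcoin Core's code. The splitmix64 stand-in hash, the /16 grouping, the 1,024-bucket and 64-slot sizes, the drop-when-full rule and the sample addresses are all assumptions of this sketch.

```cpp
// Added illustration, not Bitcoin Core code. Mix() stands in for the real keyed hash.
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>

constexpr uint64_t NEW_BUCKET_COUNT = 1024; // assumed for this demo
constexpr std::size_t BUCKET_SIZE = 64;     // assumed per-bucket capacity
constexpr uint32_t SRC = 0xC6336401u;       // constructed announcer, 198.51.100.1

// splitmix64 finalizer, used only as a stand-in hash.
static uint64_t Mix(uint64_t x) {
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

// Assumption: an IPv4 address's group is its /16 prefix.
static uint32_t Group(uint32_t ip) { return ip >> 16; }

// Same shape as the snippet above: hash(key, group(addr), group(src)) % bucket count.
int GetNewBucket(uint64_t nKey, uint32_t addr, uint32_t src) {
    return static_cast<int>(Mix(Mix(Mix(nKey) ^ Group(addr)) ^ Group(src)) % NEW_BUCKET_COUNT);
}

// Announce 1,000 constructed addresses from SRC and count how many are kept.
// stride 1 keeps them in one /16; stride 0x10000 gives each its own /16.
std::size_t Announce(uint64_t nKey, uint32_t first, uint32_t stride) {
    std::map<int, std::set<uint32_t>> buckets;
    std::size_t kept = 0;
    for (uint32_t i = 0; i < 1000; ++i) {
        uint32_t addr = first + i * stride;
        auto& b = buckets[GetNewBucket(nKey, addr, SRC)];
        if (b.size() < BUCKET_SIZE && b.insert(addr).second) ++kept; // full bucket: dropped
    }
    return kept;
}

// Of 256 groups, how many land in a different bucket under another node key?
int MovedByKey(uint64_t k1, uint64_t k2) {
    int moved = 0;
    for (uint32_t g = 1; g <= 256; ++g)
        moved += GetNewBucket(k1, g << 16, SRC) != GetNewBucket(k2, g << 16, SRC);
    return moved;
}

int main() {
    std::printf("same /16: %zu kept, spread: %zu kept\n", Announce(42, 0x0A010000u, 1), Announce(42, 0x0B000001u, 0x10000u));
}
```

The flood from a single /16 is capped at one bucket's capacity, while the same number of addresses spread over distinct groups is kept almost in full; `MovedByKey` shows why an attacker cannot precompute placement without knowing the node's key.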
The Sovereignty of the Defense
Your node is "Skeptical by Design." It doesn't believe everything it hears, and it doesn't trust everyone it meets. By enforcing these diversity rules, your node ensures that its "Digital Horizon" is always wide and truthful. As a Sovereign Architect, you know that "Diversity is Security." By maintaining a node that protects itself from poisoning, you are ensuring your wealth is always anchored in the Global Consensus, not an "Attacker's Mirage." You are the "Master of the Immunity."
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit.