Network Attacks & Security

Bitcoin's P2P network faces various attack vectors. Understanding these attacks helps node operators secure their nodes and developers build resilient applications.

Attack Types

Eclipse Attacks

Eclipse attacks isolate a node by controlling all its connections:

Attack:
1. Attacker controls many IP addresses
2. Attacker connects to victim from all addresses
3. Victim's connections are all to attacker
4. Attacker controls what victim sees
5. Victim sees fake blockchain state

Mitigation:

  • Connect to diverse IP ranges
  • Use multiple outbound connections
  • Verify block data independently
  • Use block-relay-only connections

Sybil Attacks

Sybil attacks create many fake identities:

Attack:
1. Attacker creates many node identities
2. Attacker controls large portion of network
3. Attacker can influence network behavior
4. Attacker can censor transactions

Mitigation:

  • Proof-of-work prevents fake blocks
  • Independent validation by all nodes
  • No trust in individual peers
  • Economic cost of attack

BGP Hijacking

BGP hijacking redirects network traffic:

Attack:
1. Attacker announces false BGP routes
2. Traffic redirected to attacker
3. Attacker can intercept/modify data
4. Affects large portions of network

Mitigation:

  • Use Tor or VPN
  • Connect to diverse geographic locations
  • Monitor for unusual routing
  • Use authenticated connections

Code Examples

Detecting Eclipse Attack
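An added example (not the page's own snippet and not Bitcoin Core code) of a peer-diversity check a node operator can run over the peer list. It scores the outbound connections by Bitcoin Core's netgroup buckets (/16 for IPv4, /32 for IPv6), by autonomous system where that data is present, and by whether any block-relay-only connections exist; the same check covers the "connect to diverse geographic locations" advice under BGP hijacking, since an operator whose outbound peers all sit in one AS is exposed to a single route hijack. Field names follow bitcoin-cli getpeerinfo; the peer lists, AS numbers and the thresholds (8 outbound peers, 4 netgroups) are constructed assumptions for this example.

```python
import ipaddress
from collections import Counter
from typing import Dict, List

# Constructed sample peer lists. Field names ('addr', 'inbound',
# 'connection_type', 'mapped_as') follow bitcoin-cli getpeerinfo; the
# addresses are documentation ranges and the AS numbers private-use values,
# all invented for this example. Bitcoin Core only fills 'mapped_as' when
# started with -asmap, so the check treats it as optional.
def _peer(addr, conn_type, asn, inbound=False):
    return {"addr": addr, "inbound": inbound, "connection_type": conn_type, "mapped_as": asn}

HEALTHY_PEERS: List[Dict] = [
    _peer("203.0.113.7:8333", "outbound-full-relay", 64500),
    _peer("198.51.100.21:8333", "outbound-full-relay", 64501),
    _peer("192.0.2.99:8333", "outbound-full-relay", 64502),
    _peer("[2001:db8:1::10]:8333", "outbound-full-relay", 64503),
    _peer("[2001:db8:2::10]:8333", "outbound-full-relay", 64504),
    _peer("203.0.113.200:8333", "outbound-full-relay", 64500),
    _peer("198.51.100.77:8333", "outbound-full-relay", 64501),
    _peer("192.0.2.150:8333", "outbound-full-relay", 64502),
    _peer("192.0.2.33:8333", "block-relay-only", 64505),
    _peer("198.51.100.5:8333", "block-relay-only", 64506),
    _peer("203.0.113.44:51234", "inbound", 64500, inbound=True),
]

# Every outbound slot filled from one /16 and one AS: the eclipse signature.
ECLIPSED_PEERS: List[Dict] = [
    _peer(f"203.0.113.{i}:8333", "outbound-full-relay", 64500) for i in range(10, 20)
]


def netgroup(addr: str) -> str:
    """Bucket a peer address the way Bitcoin Core groups peers for outbound
    selection: IPv4 by /16, IPv6 by /32. Accepts 'host:port' and '[v6]:port'."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    ip = ipaddress.ip_address(host)
    prefix = 16 if ip.version == 4 else 32
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def assess_peers(peers: List[Dict], min_outbound: int = 8, min_groups: int = 4) -> Dict:
    """Score a peer list for eclipse risk. The thresholds are assumptions for
    this example: Bitcoin Core makes 8 full-relay plus 2 block-relay-only
    outbound connections, and a healthy node sees them spread across groups."""
    outbound = [p for p in peers if not p["inbound"]]
    groups = Counter(netgroup(p["addr"]) for p in outbound)
    asns = Counter(p["mapped_as"] for p in outbound if p.get("mapped_as") is not None)
    block_relay = sum(p["connection_type"] == "block-relay-only" for p in outbound)

    warnings = []
    if len(outbound) < min_outbound:
        warnings.append(f"only {len(outbound)} outbound peers (want >= {min_outbound})")
    if len(groups) < min_groups:
        warnings.append(f"outbound peers span only {len(groups)} netgroup(s): {sorted(groups)}")
    if outbound:
        top_group, n = groups.most_common(1)[0]
        if n > len(outbound) // 2:
            warnings.append(f"{n}/{len(outbound)} outbound peers share netgroup {top_group}")
    if len(asns) == 1:
        warnings.append(f"all outbound peers with AS data map to AS{next(iter(asns))}")
    if block_relay == 0:
        warnings.append("no block-relay-only connections")

    return {
        "outbound": len(outbound),
        "netgroups": len(groups),
        "asns": len(asns),
        "block_relay_only": block_relay,
        "warnings": warnings,
        # A single netgroup or a single AS across all outbound peers is the strongest signal.
        "eclipse_risk": bool(outbound) and (len(groups) <= 1 or len(asns) == 1),
    }


if __name__ == "__main__":
    for name, peers in (("healthy", HEALTHY_PEERS), ("eclipsed", ECLIPSED_PEERS)):
        report = assess_peers(peers)
        print(name, "eclipse_risk =", report["eclipse_risk"])
        for w in report["warnings"]:
            print("  warning:", w)
```

On a live node the same function can be fed the parsed JSON of `bitcoin-cli getpeerinfo`; the netgroup and AS counts are exactly the diversity that the "connect to diverse IP ranges" and "use block-relay-only connections" mitigations above are meant to produce, so a report with warnings is a prompt to inspect the peer set rather than to trust the chain tip it reports.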


Partition Attacks

Network Partition

A network partition splits the network:

Partition:
Network A: Nodes 1-100
Network B: Nodes 101-200

Result:
- Two separate blockchains
- Eventually one wins (longest chain)
- Transactions in losing partition invalidated

Mitigation:

  • Multiple connections: Reduces partition risk
  • Geographic diversity: Connect globally
  • Wait for confirmations: Don't trust 0-conf
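To make the partition outcome and the "don't trust 0-conf" advice concrete, here is an added example (not the page's code) simulating the Network A / Network B split above: both sides mine on a shared history, the partition heals, each node keeps the chain with the most accumulated work, and a payment that had two confirmations on the losing side ends up with none because the winning side confirmed a conflicting spend. Block ids, transaction ids and the equal-difficulty assumption are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Block:
    block_id: str
    height: int
    txids: Tuple[str, ...]   # transactions confirmed in this block
    work: int = 1            # proof-of-work units; equal difficulty assumed


def extend(chain: List[Block], label: str, txids=()) -> List[Block]:
    """Return a new chain with one block mined on top of `chain` (no mutation)."""
    tip = chain[-1]
    return chain + [Block(f"{label}{tip.height + 1}", tip.height + 1, tuple(txids))]


def cumulative_work(chain: List[Block]) -> int:
    return sum(b.work for b in chain)


def select_chain(candidates: List[List[Block]]) -> List[Block]:
    """Rule a node applies once it sees both sides of a healed partition:
    follow the chain with the most accumulated work (with equal difficulty,
    the longest one, as the page puts it)."""
    return max(candidates, key=cumulative_work)


def confirmations(chain: List[Block], txid: str) -> int:
    """0 if unconfirmed on this chain, else 1 for the including block plus one per block on top."""
    for b in chain:
        if txid in b.txids:
            return chain[-1].height - b.height + 1
    return 0


def shared_prefix(a: List[Block], b: List[Block]) -> int:
    """Number of blocks the two chains have in common before they diverge."""
    n = 0
    for x, y in zip(a, b):
        if x.block_id != y.block_id:
            break
        n += 1
    return n


def lost_transactions(old_chain: List[Block], new_chain: List[Block]) -> Set[str]:
    """Txids confirmed on old_chain that have no confirmation on new_chain after
    the reorg. They return to the mempool unless a conflicting spend was
    confirmed on the winning side, in which case they can never confirm."""
    n = shared_prefix(old_chain, new_chain)
    old_txs = {t for blk in old_chain[n:] for t in blk.txids}
    new_txs = {t for blk in new_chain[n:] for t in blk.txids}
    return old_txs - new_txs


def safe_to_accept(chain: List[Block], txid: str, required_confs: int = 6) -> bool:
    """The merchant-side rule: only treat a payment as final after enough confirmations."""
    return confirmations(chain, txid) >= required_confs


def simulate_partition() -> Dict:
    """Constructed scenario matching the page's Network A / Network B split."""
    common = [Block("genesis", 0, ())]
    for _ in range(3):                                   # shared history, heights 1-3
        common = extend(common, "C")
    # Network A confirms pay-alice and mines one more block on top (2 confs).
    chain_a = extend(extend(common, "A", ["pay-alice"]), "A")
    # Network B, with more hash power, confirms a conflicting spend instead
    # and mines three blocks in the same time.
    chain_b = common
    for txs in (["pay-bob"], (), ()):
        chain_b = extend(chain_b, "B", txs)
    alice_confs_in_a = confirmations(chain_a, "pay-alice")
    winner = select_chain([chain_a, chain_b])
    return {
        "winner_tip": winner[-1].block_id,
        "alice_confs_in_a": alice_confs_in_a,
        "alice_confs_after": confirmations(winner, "pay-alice"),
        "bob_confs_after": confirmations(winner, "pay-bob"),
        "lost": lost_transactions(chain_a, winner),
        "accepted_at_6_confs": safe_to_accept(chain_a, "pay-alice"),
    }


if __name__ == "__main__":
    for k, v in simulate_partition().items():
        print(f"{k}: {v}")
```

The point of `safe_to_accept` is that a two-block partition can only undo payments with at most two confirmations; waiting for six means the attacker would have to sustain the split, and out-mine the other side, for six blocks.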

Denial of Service (DoS)

Transaction Flooding

Attackers flood network with transactions:

Attack:
1. Create many low-fee transactions
2. Fill mempool
3. Legitimate transactions delayed
4. Network congestion

Mitigation:

  • Fee-based prioritization
  • Mempool size limits
  • Transaction eviction policies
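An added example (not the page's code and not Bitcoin Core's mempool implementation) showing the three mitigations working together: a size-capped pool that orders by fee rate, evicts the cheapest transactions when a better-paying one arrives, and raises its minimum accepted fee rate after each eviction so a flood of low-fee transactions cannot keep displacing each other. The pool size, fee values and the simplifications noted in the docstring are assumptions for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tx:
    txid: str
    vsize: int  # virtual size in vbytes
    fee: int    # fee in satoshis

    @property
    def fee_rate(self) -> float:
        return self.fee / self.vsize  # sat/vB


class BoundedMempool:
    """A size-capped mempool with fee-rate prioritisation and eviction.

    Simplified model of the policy described above (and of the spirit of
    Bitcoin Core's -maxmempool handling): when full, the lowest-fee-rate
    transactions are evicted to make room for a better-paying one, and the
    minimum fee rate the pool accepts is raised to just above the evicted rate.
    Package (parent/child) fee rates and the time-based decay of that minimum
    are left out; those omissions are this example's assumptions.
    """

    def __init__(self, max_vbytes: int, min_relay_fee_rate: float = 1.0,
                 incremental_fee_rate: float = 1.0):
        self.max_vbytes = max_vbytes
        self.incremental_fee_rate = incremental_fee_rate
        self.min_fee_rate = min_relay_fee_rate   # rises after evictions
        self.txs: Dict[str, Tx] = {}
        self.vbytes_used = 0

    def accept(self, tx: Tx) -> Tuple[bool, str]:
        if tx.txid in self.txs:
            return False, "already-in-mempool"
        if tx.vsize > self.max_vbytes:
            return False, "too-large"
        if tx.fee_rate < self.min_fee_rate:
            return False, "below-min-fee-rate"

        # Pick victims from the cheapest end, but refuse the newcomer rather
        # than evict anything paying at least as much as it does.
        victims: List[Tx] = []
        freed = 0
        for cand in sorted(self.txs.values(), key=lambda t: t.fee_rate):
            if self.vbytes_used - freed + tx.vsize <= self.max_vbytes:
                break
            if cand.fee_rate >= tx.fee_rate:
                return False, "mempool-full"
            victims.append(cand)
            freed += cand.vsize

        for v in victims:
            del self.txs[v.txid]
            self.vbytes_used -= v.vsize
            self.min_fee_rate = max(self.min_fee_rate, v.fee_rate + self.incremental_fee_rate)
        self.txs[tx.txid] = tx
        self.vbytes_used += tx.vsize
        return True, f"accepted (evicted {len(victims)})"

    def block_candidates(self, max_vbytes: int) -> List[Tx]:
        """Greedy highest-fee-rate-first selection, the prioritisation a miner applies."""
        chosen, used = [], 0
        for t in sorted(self.txs.values(), key=lambda t: t.fee_rate, reverse=True):
            if used + t.vsize <= max_vbytes:
                chosen.append(t)
                used += t.vsize
        return chosen


def flood_demo() -> Dict:
    """Constructed flood: ten 100-vB spam txs at 1 sat/vB fill a 1000-vB pool,
    an eleventh is refused, a real 200-vB tx at 20 sat/vB evicts two of them,
    and further 1 sat/vB spam is now below the raised minimum."""
    mp = BoundedMempool(max_vbytes=1000)
    spam_accepted = sum(mp.accept(Tx(f"spam{i}", 100, 100))[0] for i in range(10))
    extra_spam = mp.accept(Tx("spam10", 100, 100))
    real = mp.accept(Tx("real", 200, 4000))
    late_spam = mp.accept(Tx("spam11", 100, 100))
    return {
        "spam_accepted": spam_accepted,
        "extra_spam": extra_spam,
        "real": real,
        "late_spam": late_spam,
        "min_fee_rate": mp.min_fee_rate,
        "first_in_block": mp.block_candidates(300)[0].txid,
        "size": len(mp.txs),
    }


if __name__ == "__main__":
    for k, v in flood_demo().items():
        print(f"{k}: {v}")
```

The raised `min_fee_rate` is what turns a flood from a denial of service into a cost for the attacker: once the pool is full, every further displacement has to outbid what is already there.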

Connection Exhaustion

Attackers exhaust node connections:

Attack:
1. Open many connections to node
2. Exhaust connection limit
3. Legitimate peers can't connect
4. Node isolated

Mitigation:

  • Connection limits
  • Rate limiting
  • Ban malicious IPs
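An added example (not the page's code and not Bitcoin Core's connection manager) of an inbound admission controller that combines the three mitigations listed: a hard inbound cap with eviction that preserves netgroup diversity, a per-IP cap on connection attempts per minute, and a misbehaviour score that leads to a timed ban. All limits, the per-netgroup cap and the demo scenario are constructed assumptions for this example.

```python
import ipaddress
from collections import Counter, defaultdict, deque
from typing import Dict, Tuple


def netgroup(ip: str) -> str:
    """Group an IP as Bitcoin Core does for peer diversity: /16 for IPv4, /32 for IPv6."""
    addr = ipaddress.ip_address(ip)
    prefix = 16 if addr.version == 4 else 32
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


class ConnectionGuard:
    """Inbound admission control: hard inbound cap with diversity-preserving
    eviction, a per-netgroup cap, a per-IP attempt rate limit, and a
    score-based ban list. Defaults are assumptions for this example."""

    def __init__(self, max_inbound: int = 125, per_group_limit: int = 8,
                 attempts_per_minute: int = 10, ban_threshold: int = 100,
                 ban_seconds: int = 86400):
        self.max_inbound = max_inbound
        self.per_group_limit = per_group_limit
        self.attempts_per_minute = attempts_per_minute
        self.ban_threshold = ban_threshold
        self.ban_seconds = ban_seconds
        self.inbound: Dict[int, Dict] = {}   # peer_id -> {"ip", "group", "since"}
        self.attempts = defaultdict(deque)   # ip -> recent attempt timestamps
        self.scores = defaultdict(int)       # ip -> misbehaviour score
        self.banned: Dict[str, float] = {}   # ip -> ban expiry time
        self._next_id = 0

    def admit(self, ip: str, now: float) -> Tuple[bool, str]:
        if self.banned.get(ip, -1.0) > now:
            return False, "banned"
        recent = self.attempts[ip]                 # sliding 60-second window
        while recent and recent[0] <= now - 60:
            recent.popleft()
        recent.append(now)
        if len(recent) > self.attempts_per_minute:
            return False, "rate-limited"
        group = netgroup(ip)
        groups = Counter(p["group"] for p in self.inbound.values())
        if groups[group] >= self.per_group_limit:  # one /16 cannot take every slot
            return False, "netgroup-limit"
        if len(self.inbound) >= self.max_inbound:
            self._evict_from_largest_group(groups)
        self._next_id += 1
        self.inbound[self._next_id] = {"ip": ip, "group": group, "since": now}
        return True, "accepted"

    def _evict_from_largest_group(self, groups: Counter) -> None:
        """Free a slot by dropping the youngest connection from the most-represented netgroup."""
        largest, _ = groups.most_common(1)[0]
        victim = max((pid for pid, p in self.inbound.items() if p["group"] == largest),
                     key=lambda pid: self.inbound[pid]["since"])
        del self.inbound[victim]

    def misbehave(self, ip: str, points: int, now: float) -> bool:
        """Add misbehaviour points; on crossing the threshold, ban and drop all its connections."""
        self.scores[ip] += points
        if self.scores[ip] < self.ban_threshold:
            return False
        self.banned[ip] = now + self.ban_seconds
        for pid in [pid for pid, p in self.inbound.items() if p["ip"] == ip]:
            del self.inbound[pid]
        return True


def exhaustion_demo() -> Dict:
    """Constructed scenario: a /16 floods the node, one IP hammers reconnects,
    the pool fills up, a newcomer still gets in, and a misbehaving IP is banned."""
    g = ConnectionGuard(max_inbound=8, per_group_limit=3, attempts_per_minute=5)
    flood = [g.admit(f"203.0.113.{i}", now=0.0)[1] for i in range(1, 11)]
    hammer = [g.admit("198.51.100.9", now=float(i))[1] for i in range(7)]
    for ip in ("192.0.2.1", "10.1.2.3"):
        g.admit(ip, now=1.0)
    full_before = len(g.inbound)
    newcomer = g.admit("172.16.5.5", now=2.0)
    size_after_newcomer = len(g.inbound)
    flood_group_left = sum(p["group"] == "203.0.0.0/16" for p in g.inbound.values())
    banned = g.misbehave("198.51.100.9", 100, now=10.0)
    return {
        "flood": dict(Counter(flood)),
        "hammer": hammer,
        "full_before": full_before,
        "newcomer": newcomer,
        "size_after_newcomer": size_after_newcomer,
        "flood_group_after_eviction": flood_group_left,
        "banned": banned,
        "size_after_ban": len(g.inbound),
        "retry": g.admit("198.51.100.9", now=11.0),
    }


if __name__ == "__main__":
    for k, v in exhaustion_demo().items():
        print(f"{k}: {v}")
```

The per-netgroup cap and group-aware eviction are what keep the node from being isolated: even when every slot is taken, an attacker confined to a few /16s cannot stop peers from other groups getting in, and the rate limit and ban list stop a single source from churning through connection attempts.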

Best Practices

For Node Operators

  1. Diverse connections: Connect to different IP ranges
  2. Monitor connections: Watch for suspicious patterns
  3. Use firewall: Limit exposure
  4. Keep software updated: Security patches

For Developers

  1. Validate independently: Don't trust peers
  2. Handle network issues: Graceful degradation
  3. Implement timeouts: Prevent hanging connections
  4. Rate limit: Prevent abuse


Resources