IBD Bandwidth Protection

Overview

The node implements comprehensive protection against Initial Block Download (IBD) bandwidth exhaustion attacks. This prevents malicious peers from forcing a node to upload the entire blockchain multiple times, which could cause ISP data cap overages and economic denial-of-service.

Protection Mechanisms

Per-Peer Bandwidth Limits

Tracks bandwidth usage per peer with configurable daily and hourly limits:

• Daily Limit: Maximum bytes a peer can request per day
• Hourly Limit: Maximum bytes a peer can request per hour
• Automatic Throttling: Blocks requests when limits are exceeded
• Legitimate Node Protection: First request always allowed, reasonable limits for legitimate sync

Code: ibd_protection.rs

Per-IP Bandwidth Limits

Tracks bandwidth usage per IP address to prevent single-IP attacks:

• IP-Based Tracking: Monitors all peers from the same IP
• Aggregate Limits: Combined daily/hourly limits for all peers from an IP
• Attack Detection: Identifies coordinated attacks from single IP

Code: ibd_protection.rs

Per-Subnet Bandwidth Limits

Tracks bandwidth usage per subnet to prevent distributed attacks:

• IPv4 Subnets: Tracks /24 subnets (256 addresses)
• IPv6 Subnets: Tracks /64 subnets
• Subnet Aggregation: Combines bandwidth from all IPs in subnet
• Distributed Attack Mitigation: Prevents coordinated attacks from subnet

Code: ibd_protection.rs

Concurrent IBD Serving Limits

Limits how many peers can simultaneously request IBD:

• Concurrent Limit: Maximum number of peers serving IBD at once
• Queue Management: Queues additional requests when limit reached
• Fair Serving: Rotates serving to queued peers

Code: ibd_protection.rs

Peer Reputation Scoring

Tracks peer behavior to identify malicious patterns:

• Reputation System: Scores peers based on behavior
• Suspicious Pattern Detection: Identifies rapid reconnection with new peer IDs
• Cooldown Periods: Enforces cooldown after suspicious activity
• Legitimate Node Protection: First-time sync always allowed

Code: ibd_protection.rs

Configuration

Default Limits

[ibd_protection]
max_bandwidth_per_peer_per_day_gb = 50
max_bandwidth_per_peer_per_hour_gb = 10
max_bandwidth_per_ip_per_day_gb = 100
max_bandwidth_per_ip_per_hour_gb = 20
max_bandwidth_per_subnet_per_day_gb = 500
max_bandwidth_per_subnet_per_hour_gb = 100
max_concurrent_ibd_serving = 3
ibd_request_cooldown_seconds = 3600
suspicious_reconnection_threshold = 3
reputation_ban_threshold = -100
enable_emergency_throttle = false
emergency_throttle_percent = 50

Configuration Options

• max_bandwidth_per_peer_per_day_gb: Daily limit per peer (default: 50 GB)
• max_bandwidth_per_peer_per_hour_gb: Hourly limit per peer (default: 10 GB)
• max_bandwidth_per_ip_per_day_gb: Daily limit per IP (default: 100 GB)
• max_bandwidth_per_ip_per_hour_gb: Hourly limit per IP (default: 20 GB)
• max_bandwidth_per_subnet_per_day_gb: Daily limit per subnet (default: 500 GB)
• max_bandwidth_per_subnet_per_hour_gb: Hourly limit per subnet (default: 100 GB)
• max_concurrent_ibd_serving: Maximum concurrent IBD serving (default: 3)
• ibd_request_cooldown_seconds: Cooldown period after suspicious activity (default: 3600 seconds)
• suspicious_reconnection_threshold: Number of reconnections in 1 hour to be considered suspicious (default: 3)
• reputation_ban_threshold: Reputation score below which peer is banned (default: -100)
• enable_emergency_throttle: Enable emergency bandwidth throttling (default: false)
• emergency_throttle_percent: Percentage of bandwidth to throttle when emergency throttle is enabled (default: 50)

Code: ibd_protection.rs

Attack Mitigation

Single IP Attack

Attack: Attacker runs multiple fake nodes from same IP Protection: Per-IP bandwidth limits aggregate all peers from IP Result: Blocked after IP limit reached

Subnet Attack

Attack: Attacker distributes fake nodes across subnet Protection: Per-subnet bandwidth limits aggregate all IPs in subnet Result: Blocked after subnet limit reached

Rapid Reconnection Attack

Attack: Attacker disconnects and reconnects with new peer ID Protection: Reputation scoring detects pattern, enforces cooldown Result: Blocked during cooldown period

Distributed Attack

Attack: Coordinated attack from multiple IPs/subnets Protection: Concurrent serving limits prevent serving too many peers simultaneously Result: Additional requests queued, serving rotated fairly

Legitimate New Node

Scenario: Legitimate new node requests full sync Protection: First request always allowed, reasonable limits accommodate legitimate sync Result: Allowed to sync within limits

Resource pressure during IBD (memory and queues)

The limits above address bandwidth and fair serving to peers. Initial block download can also stress RAM and internal queues when blocks arrive quickly (parallel fetch, fast sync paths). If the process OOMs, stalls, or thrashes despite healthy bandwidth settings, check blvm-node configuration and release notes for IBD / sync resource behavior—not only the bandwidth counters in this chapter.

Integration

The IBD protection is automatically integrated into the network manager:

• Automatic Tracking: Tracks bandwidth when serving Headers/Block messages
• Request Protection: Protects GetHeaders and GetData requests
• Cleanup: Automatically cleans up tracking on peer disconnect

Code: network_manager.rs (IBD protection wiring and config)

LAN Peer Prioritization

LAN peers are auto-preferred for IBD download (still subject to bandwidth limits). See LAN Peering System.

See Also

• LAN Peering System - Automatic local network discovery and prioritization
• Network Operations - General network operations
• Node Configuration - IBD protection configuration
• Security Controls - Security system overview