Worth understanding the distinction between relay nodes and listening nodes. A listening node accepts inbound connections (requires port 8333 open) — only about 15,000-17,000 nodes do this globally. The other 50,000+ reachable nodes are outbound-only.
Bitcoin's peer selection (AddrMan) uses 'tried' and 'new' address tables with IP diversity bucketing — at most 2 outbound connections share the same /16 subnet. This is why eclipse attacks require controlling thousands of IPs rather than just many connections. Network security scales with IP diversity, not raw node count.
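The sketch below is an added example, not Bitcoin Core's AddrMan code. It picks outbound peers at random under a per-/16 cap and audits a peer list against that cap. The cap of 2 is the figure stated above, passed as a parameter; the function names, the 8-slot default and all addresses are constructed for illustration.

```python
import ipaddress
import random
from collections import Counter

def netgroup(ip):
    """Return the /16 prefix of an IPv4 address (this sketch is IPv4-only)."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def select_outbound(candidates, slots=8, max_per_group=2, rng=None):
    """Pick up to `slots` peers in random order, at most `max_per_group` per /16."""
    rng = rng or random.Random()
    pool = list(candidates)
    rng.shuffle(pool)
    chosen, per_group = [], Counter()
    for ip in pool:
        if len(chosen) == slots:
            break
        group = netgroup(ip)
        if per_group[group] < max_per_group:  # skip addresses from a full /16
            chosen.append(ip)
            per_group[group] += 1
    return chosen

def audit(peers, max_per_group=2):
    """Return the /16 groups holding more peers than the cap, with their counts."""
    counts = Counter(netgroup(ip) for ip in peers)
    return {g: n for g, n in counts.items() if n > max_per_group}

def count_in(peers, group):
    """Number of peers whose /16 equals `group`."""
    return sum(1 for ip in peers if netgroup(ip) == group)

# Constructed sample data: 5000 addresses packed into one /16,
# and 40 addresses that each sit in their own /16.
CROWDED = [f"10.1.{i // 250}.{i % 250 + 1}" for i in range(5000)]
DIVERSE = [f"198.{i}.0.1" for i in range(40)]

if __name__ == "__main__":
    peers = select_outbound(CROWDED + DIVERSE, rng=random.Random(7))
    print("from the crowded /16:", count_in(peers, "10.1.0.0/16"), "of", len(peers))
    print("groups over the cap:", audit(peers))
```

Although the crowded /16 supplies over 99% of the candidate addresses, it can never hold more than `max_per_group` of the selected slots, which is the sense in which diversity rather than address count decides the outcome.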