Skip to main content

Ethereum’s Peer-to-Peer Network Monitoring and Sybil Attack Prevention


Public blockchains, like Ethereum, rely on an underlying peer-to-peer (P2P) network to disseminate transactions and blocks between nodes. With the rise of blockchain applications and cryptocurrencies values, they have become critical infrastructures which still lack comprehensive studies. In this paper, we propose to investigate the reliability of the Ethereum P2P network. We developed our own dependable crawler to collect information about the peers composing the network. Our data analysis regarding the geographical distribution of peers and the churn rate shows good network properties while the network can exhibit a sudden and major increase in size and peers are highly concentrated on a few ASes. In a second time, we investigate suspicious patterns that can denote a Sybil attack. We find that many nodes hold numerous identities in the network and could become a threat. To mitigate future Sybil attacks, we propose an architecture to detect suspicious nodes and revoke them. It is based on a monitoring system, a smart contract to propagate the information and an external revocation tool to help clients remove their connections to suspicious peers. Our experiment on Ethereum’s Test network proved that our solution is effective.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11


  1. It consists in the bootstrap of the buckets: a node contacts randomly selected peers chosen in the db structure, which is the database stored on disk that contains information of all the nodes ever seen, and sends FINDNODE packets to populate its buckets.


  3. It is also available live on this server:



  1. Buterin, V., Griffith, V.: Casper the friendly finality gadget. (2019)

  2. Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security—CCS’16, pp. 3–16. ACM Press, Vienna (2016).

  3. Nair, P.R., Dorai, D.R.: Evaluation of performance and security of proof of work and proof of stake using blockchain. In: 2021 Third International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV), pp. 279–283 (2021)

  4. Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology–CRYPTO 2017. Lecture Notes in Computer Science, pp. 357–388. Springer International Publishing, Cham (2017)

    Chapter  Google Scholar 

  5. Zhang, R., Preneel, B.: Lay down the common metrics: evaluating proof-of-work consensus protocols’ security. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 175–192 (2019)

  6. The Ethereum Foundation. Devp2p—Ethereum peer-to-peer networking specifications. (2021)

  7. The Go-Ethereum developers: Ethereum/Go-Ethereum.

  8. OpenEthereum DAO: Openethereum.

  9. Maymounkov, P., Mazières, D.: Kademlia: a peer-to-peer information system based on the XOR metric. In: Goos, G., Hartmanis, J., van Leeuwen, J., Druschel, P., Kaashoek, F., Rowstron, A. (eds.) Peer-to-Peer System, vol. 2429, pp. 53–65. Springer, Berlin (2002)

    Chapter  Google Scholar 

  10. Kim, S.K., Ma, Z., Murali, S., Mason, J., Miller, A., Bailey, M.: Measuring Ethereum network peers. In: Proceedings of the Internet Measurement Conference 2018 on—IMC ’18, pp. 91–104. ACM Press, Boston (2018)

  11. Gao, Y., Shi, J., Wang, X., Tan, Q., Zhao, C., Yin, Z.: Topology measurement and analysis on Ethereum P2P network. In: 2019 IEEE Symposium on Computers and Communications (ISCC), pp. 1–7 (2019)

  12. Maeng, S.H., Essaid, M., Ju, H.T.: Analysis of Ethereum network properties and behavior of influential nodes. In: 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 203–207 (2020)

  13. Li, Z., Xia, W., Cui, M., Fu, P., Gou, G., Xiong, G.: Mining the characteristics of the Ethereum P2P network. In: Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, pp. 20–30. BSCI’20, Association for Computing Machinery, New York (2020).

  14. Wang, T., Zhao, C., Yang, Q., Zhang, S.: Ethna: Analyzing the underlying peer-to-peer network of the Ethereum blockchain., comment: 14 pages, 14 figures (2020)

  15. Douceur, J.R.: The Sybil attack. In: Druschel, P., Kaashoek, F., Rowstron, A. (eds.) Peer-to-Peer Systems. Lecture Notes in Computer Science, pp. 251–260. Springer, Berlin, Heidelberg (2002)

    Chapter  Google Scholar 

  16. Singh, A., Ngan, T.W., Druschel, P., Wallach, D.S.: Eclipse attacks on overlay networks: threats and defenses. In: Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications, pp. 1–12 (2006)

  17. Steiner, M., En-Najjary, T., Biersack, E.W.: Exploiting KAD: possible uses and misuses. SIGCOMM Comput. Commun. Rev. 37(5), 65–70 (2007).

    Article  Google Scholar 

  18. Wang, P., Tyra, J., Chan-Tin, E., Malchow, T., Kune, D.F., Hopper, N., Kim, Y.: Attacking the KAD network. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, pp. 1–10. SecureComm’08, Association for Computing Machinery, New York (2008).

  19. Kohnen, M., Leske, M., Rathgeb, E.P.: Conducting and optimizing eclipse attacks in the KAD peer-to-peer network. In: Fratta, L., Schulzrinne, H., Takahashi, Y., Spaniol, O. (eds.) NETWORKING 2009. Lecture Notes in Computer Science, pp. 104–116. Springer, Berlin, Heidelberg (2009)

    Chapter  Google Scholar 

  20. Cholez, T., Chrisment, I., Festor, O.: Monitoring and controlling content access in KAD. In: International Conference on Communications—ICC 2010 (2010).

  21. Cholez, T., Chrisment, I., Festor, O., Doyen, G.: Detection and mitigation of localized attacks in a widely deployed P2P network. Peer Peer Netw. Appl. 6(2), 155–174 (2013).

    Article  Google Scholar 

  22. Marcus, Y., Heilman, E., Goldberg, S.: Low-resource eclipse attacks on Ethereum’s peer-to-peer network. IACR Cryptol. 2018, 236 (2018)

    Google Scholar 

  23. Xu, G., Guo, B., Su, C., Zheng, X., Liang, K., Wong, D.S., Wang, H.: Am I eclipsed? A smart detector of eclipse attacks for Ethereum. Comput. Secur. 88, 101604 (2020)

    Article  Google Scholar 

  24. Eisenbarth, J.P.: Crawleth.

  25. Ethernodes: the Ethereum network & node explorer.

  26. Etherscan: Ethereum node tracker.

  27. Eisenbarth, J.P.: Ethereum P2P network study, dataset overview (2021).

  28. Internet Corporation for Assigned Names and Numbers: recommendations on anonymization processes for source IP addresses submitted for future analysis (2018).

  29. Eisenbarth, J.P., Cholez, T., Perrin, O.: A comprehensive study of the bitcoin P2P network. In: 2021 3rd Conference on Blockchain Research Applications for Innovative Networks and Services (BRAINS), pp. 105–112 (2021).

  30. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) Financial Cryptography and Data Security, vol. 8437, pp. 436–454. Springer, Berlin, Heidelberg (2014).

    Chapter  Google Scholar 

  31. Zhang, S., Lee, J.H.: Double-spending with a Sybil attack in the bitcoin decentralized network. IEEE Trans. Ind. Inform. 15(10), 5715–5722 (2019)

    Article  Google Scholar 

  32. Bissias, G., Ozisik, A.P., Levine, B.N., Liberatore, M.: Sybil-resistant mixing for bitcoin. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp. 149–158. WPES’14, Association for Computing Machinery, New York (2014)

  33. Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: Proceedings of the 24th USENIX Conference on Security Symposium, pp. 129–144. SEC’15, USENIX Association, Berkeley (2015)

  34. Nguyen, H.L., Eisenbarth, J.P., Ignat, C.L., Perrin, O.: Blockchain-based auditing of transparent log servers. In: Kerschbaum, F., Paraboschi, S. (eds.) Data and Applications Security and Privacy XXXII. Lecture Notes in Computer Science, pp. 21–37. Springer International Publishing, Cham (2018)

    Chapter  Google Scholar 

  35. Dinger, J., Hartenstein, H.: Defending the Sybil attack in P2P networks: taxonomy, challenges, and a proposal for self-registration. In: First International Conference on Availability, Reliability and Security (ARES’06), pp. 8, 763 (2006)

  36. Eisenbarth, J.P.: Sybil-prevention.

  37. The Go-Ethereum developers: node, P2P, internal: add ability to remove peers via admin interface by firescar96-pull request #2740-ethereum/go-ethereum.

  38. Wöhrer, M., Zdun, U., Rinderle-Ma, S.: Architecture design of blockchain-based applications. In: 3rd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS) (2021)

  39. Kostamis, P., Sendros, A., Efraimidis, P.: Exploring Ethereum’s data stores: a cost and performance comparison. In: 2021 3rd Conference on Blockchain Research Applications for Innovative Networks and Services (BRAINS), pp. 53–60 (2021)

  40. Poornima Devi, P., Bragadeesh, S.A., Umamakeswari, A.: Secure data management using IPFS and Ethereum. In: Balas, V.E., Hassanien, A.E., Chakrabarti, S., Mandal, L. (eds.) Proceedings of International Conference on Computational Intelligence, Data Science and Cloud Computing. Lecture Notes on Data Engineering and Communications Technologies, pp. 565–578. Springer, Singapore (2021)

  41. Rodrigues, B., Scheid, E., Killer, C., Franco, M., Stiller, B.: Blockchain signaling system (BloSS): cooperative signaling of distributed denial-of-service attacks. J. Netw. Syst. Manag. 28(4), 953–989 (2020).

    Article  Google Scholar 

Download references


This project has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 830927.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Thibault Cholez.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Eisenbarth, JP., Cholez, T. & Perrin, O. Ethereum’s Peer-to-Peer Network Monitoring and Sybil Attack Prevention. J Netw Syst Manage 30, 65 (2022).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI:


  • Blockchain
  • Security
  • Network measurement
  • Distributed hash table