synor/docs/PLAN/PHASE3-NetworkBootstrap/01-Milestone-02-NetworkHardening.md

Phase 3, Milestone 2: Network Hardening

Security hardening for P2P network

Status: ✅ Complete Priority: High Crate: synor-network

---

Overview

Implement security measures to protect the network from attacks including peer banning, rate limiting, eclipse attack mitigation, and partition detection.

---

Tasks

Task 2.1: Peer Reputation System

• Track peer behavior scores
• Increment score for good behavior
• Decrement score for bad behavior
• Automatic banning at threshold
• Ban persistence across restarts

Files:

• crates/synor-network/src/reputation.rs

Reputation Events:

Event	Score Change
Valid block	+10
Invalid block	-100
Valid transaction	+1
Invalid transaction	-50
Timeout	-5
Protocol violation	-200

Task 2.2: Rate Limiting

• Per-peer message rate limiting
• Global rate limiting
• Adaptive limits based on load
• Separate limits by message type

Files:

• crates/synor-network/src/rate_limit.rs

Rate Limits:

Message Type	Limit	Window
Transactions	100/s	1s
Blocks	10/s	1s
Headers	1000/s	1s
GetData	50/s	1s

Task 2.3: Eclipse Attack Mitigation

• Subnet diversity enforcement
• Anchor connections (persistent)
• Peer rotation with minimum tenure
• Outbound connection limits per subnet
• Feeler connections for discovery

Files:

• crates/synor-network/src/eclipse.rs

Mitigation Parameters:

• Max 2 peers per /16 subnet
• 8 anchor connections (persistent)
• Minimum peer tenure: 30 minutes
• Feeler connection interval: 2 minutes

Task 2.4: Network Partition Detection

• Monitor connectivity metrics
• Detect isolation from network
• Alert on partition symptoms
• Automatic recovery attempts
• Partition event logging

Files:

• crates/synor-network/src/partition.rs (65 tests)

Detection Heuristics:

• No new blocks for >10 minutes
• Peer count drops below threshold
• Tip divergence from known good tips
• Clock skew detection

---

Validation

Validation Commands

# Run network tests
cargo test -p synor-network

# Run security-specific tests
cargo test -p synor-network reputation
cargo test -p synor-network rate_limit
cargo test -p synor-network eclipse
cargo test -p synor-network partition

Validation Agents

Agent	Purpose
code-reviewer	Review security implementations
silent-failure-hunter	Check edge cases

Security Test Cases

// Test peer banning
#[test]
fn test_peer_banned_after_violations() {
    let mut rep = Reputation::new();
    for _ in 0..3 {
        rep.record_event(peer_id, Event::InvalidBlock);
    }
    assert!(rep.is_banned(peer_id));
}

// Test rate limiting
#[test]
fn test_rate_limit_enforced() {
    let mut limiter = RateLimiter::new(100, Duration::from_secs(1));
    for _ in 0..100 {
        assert!(limiter.check());
    }
    assert!(!limiter.check()); // 101st should fail
}

// Test eclipse mitigation
#[test]
fn test_subnet_diversity() {
    let mut conns = ConnectionManager::new();
    // Add 2 peers from same /16
    conns.add("1.2.3.4:16111");
    conns.add("1.2.5.6:16111");
    // Third from same /16 should be rejected
    assert!(!conns.can_add("1.2.7.8:16111"));
}

Attack Simulations

Attack	Mitigation	Test
Sybil	Reputation + subnet limits	test_sybil_resistance
Eclipse	Anchor connections	test_eclipse_resistance
DoS	Rate limiting	test_dos_resistance
Partition	Detection + recovery	test_partition_recovery

Security Checks

• Banned peers cannot reconnect
• Rate limits apply to all message types
• Subnet diversity enforced
• Partition detection triggers alerts
• No amplification attacks possible

---

Compliance

• CWE-400: Resource Exhaustion (rate limiting)
• CWE-693: Protection Mechanism Failure (multi-layer defense)

---

Acceptance Criteria

1. Peer reputation system functioning
2. Rate limiting enforced at all levels
3. Eclipse attack mitigations active
4. Partition detection alerts working
5. All 65 network security tests pass

---

Completed: January 2025