Understanding the term
In an eclipse attack, a malicious actor can interfere with nodes on a network. It aims to obscure a participant’s view of the P2P network to cause general disruption or to prepare for more attacks. In a blockchain network, a limiting factor for many nodes is bandwidth. In the Bitcoin network, the average device is unable to connect directly to many of the devices running the software due to limitations.
When an eclipse attack takes place, the malicious actor ensures that all of the target’s connections are to attacker-controlled nodes. An attacker can eclipse any node with enough IP addresses. To prevent this, an operator has to block incoming connections and only make outbound connections to specific nodes, such as those whitelisted by other peers.
Eclipse attacks are deployed as standalone attacks, which provides the attacker with an advantage on the mining front. These attacks are only possible when nodes within the network are unable to connect to all other nodes, instead connecting to a limited number of neighboring nodes.