Today was a short day. I read through this on Kademlia DHT: https://codethechange.stanford.edu/guides/guide_kademlia.html
I skimmed through the S/Kademlia academic paper, which is a more secure version of Kademlia: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.68.4986&rep=rep1&type=pdf
I also examined Mainline DHT (used by BitTorrent magnet links). Mainline is based on Kademlia and not S/Kademlia. I'm not sure why it hasn't been DoS'ed; maybe because if it were, anyone using it could go back to sharing regular torrent files until the attackers get bored and quit.
This paper here (warning: PDF), https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.68.4986&rep=rep1&type=pdf, from 2012 shows that there seem to have been some real-world attacks to shape the network and spy on users on Mainline DHT using Sybil attacks.
The first real-world attacker seems to be from an ISP who wanted to direct clients to share data with each other within the ISP rather than share with peers outside of it (presumably to cut costs). The second attacker seemed to be trying to gather info on what torrents people are looking for on Mainline. It not only produces a lot of Sybils to look for the "infohash" (which is a hash of the torrent file), but also then attempts to join the corresponding BitTorrent network and download the torrent metadata to see what the torrent actually is. It's a good read if you are interested in that sort of thing. See page 5, starting at "A. Honeypots" for their real-world data collection.
I think that using S/Kademlia would largely fix the above attack.
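Added example, not part of the original post or the cited paper: one way a honeypot operator could spot the Sybil pattern described above, by flagging node IDs that sit implausibly close to an infohash for the assumed network size, and IPs that present more than one ID. The honeypot infohash, contacts, addresses, network-size estimate and threshold are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

ID_BITS = 160  # Mainline node IDs and infohashes are both 160-bit values

def shared_prefix_bits(a: bytes, b: bytes) -> int:
    """Leading bits two IDs share; more shared bits = closer in XOR distance."""
    x = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return ID_BITS - x.bit_length()

def expected_honest(bits: int, network_size: int) -> float:
    """Expected number of uniformly random IDs sharing >= `bits` prefix bits."""
    return network_size / (1 << bits)

def flag_sybil_candidates(target, contacts, network_size, max_expected=0.01):
    """contacts: iterable of (ip, node_id). Returns (too_close, crowded_ips)."""
    too_close, ids_per_ip = [], defaultdict(set)
    for ip, node_id in contacts:
        ids_per_ip[ip].add(node_id)
        bits = shared_prefix_bits(target, node_id)
        # An ID this close should essentially never occur by chance.
        if expected_honest(bits, network_size) < max_expected:
            too_close.append((ip, bits))
    crowded = {ip: len(ids) for ip, ids in ids_per_ip.items() if len(ids) > 1}
    return too_close, crowded

def id_sharing(target: bytes, bits: int) -> bytes:
    """Constructed test ID: equals target except bit `bits` (from the MSB)."""
    flipped = int.from_bytes(target, "big") ^ (1 << (ID_BITS - 1 - bits))
    return flipped.to_bytes(ID_BITS // 8, "big")

# Constructed sample: a honeypot infohash and the contacts observed around it.
HONEYPOT = hashlib.sha1(b"constructed honeypot infohash").digest()
CONTACTS = [
    ("198.51.100.7", id_sharing(HONEYPOT, 3)),    # ordinary distant node
    ("198.51.100.8", id_sharing(HONEYPOT, 21)),   # plausible closest honest node
    ("203.0.113.5", id_sharing(HONEYPOT, 44)),    # implausibly close
    ("203.0.113.5", id_sharing(HONEYPOT, 47)),    # same IP, second ID
    ("203.0.113.9", id_sharing(HONEYPOT, 52)),    # implausibly close
]
NETWORK_SIZE = 8_000_000  # assumed estimate of concurrent DHT nodes

if __name__ == "__main__":
    close, crowded = flag_sybil_candidates(HONEYPOT, CONTACTS, NETWORK_SIZE)
    print("implausibly close:", close)
    print("multiple IDs per IP:", crowded)
```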