I was wondering what happens if a malicious actor is somehow able to create fake full nodes on the Bitcoin network, which total to more than half of Bitcoin‘s real full nodes. In this way, the attacker would be able to put fake transactions on these nodes (By forking Bitcoin core and modifying its code, for example) and make the entire network agree on them since he has 51% of all nodes (not hashing power) in the network. I know that having more than 51% of the hashing power is practically impossible and is referred to as a 51% attack, but I don’t think it is impossible for someone to create tens/hundreds of thousands of Bitcoin full nodes. In the end, it is just disk space.
I searched this question up on the internet and found out that such an attack is referred to as a Sybil attack. However, all the answers I found are quite unclear to me… For example, [this answer](https://bitcoin.stackexchange.com/questions/50922/whats-a-sybil-attack) from stack exchange:
>Sybil attacks are avoided in Bitcoin by requiring block generation ability to be proportional to computational power available through the proof-of-work mechanism. That way, an adversary is limited in how many blocks they can produce. This provides strong cryptographic guarantees of Sybil resilience.
I don’t really understand this sentence and more specifically, what is meant by “block generation ability”. I noticed that some answers bring 51% of attacks into the mix But I don’t understand what 51% of attacks have to do with Sybil attacks as a 51% attack concerns the miners whereas a Sybil attack concerns the nodes.
One solution that I could think of is that the network would reject so many nodes being created all at once and since everyone is able to verify the date of creation of these nodes, it is clear that it is an attack. However, since I am not skilled enough to read the code, I don’t know if such a check is implemented anywhere.
I hope all this makes any sense…
I thank you all for your help in advance!