People have many times said to me "Well I can just make 1M nodes on Amazon and take over your network" and these people live in lala land with no consideration at all for the cost of operating 1M nodes in the real world.
I can just open 10000 ports on
one server running the same code, sharing the transaction database and any other overheads between them. This is the essence of the sybil attack.
edit: think about it like this: what *is* a node in your system, a port? A private key? These things are trivially cheap.
Even if you could do it, 10000 ports would be 10000 connections lets say.
You'll be getting transactions, tx requests and sync status updates from 10000 nodes, to which you HAVE to reply or you lose you connection (and thus possibly an endorsement). Aside from thrashing the crap out of the DB you'll need a big fat pipe.
In our tests a node connected to 8 others at 100+ tx/s load is processing about 250KB/s downstream and about 120KB/s up. Divide that by 8 and multiply by 10000 = 150,000KB/s or 1.2Gbits upstream.
So you need a machine that can handle potentially millions of DB requests per second, and a pipe that can handle over 1.2Gbits upstream and at least double downstream. Or are those things trivially cheap too?