Here's the reply I got from Pieter Wuille about this subject
Thanks. That's very helpful.
Will probably look into implementing something like this.
Each group of source IPs (/16s etc) selects a subset of just 64 buckets (salted using a host-specific secret key), and inserts the newly received IPs in a position in a bucket in one of those, if certain criteria are met (the position was empty, or it held an IP address that also occurs elsewhere in the table already). This limits the impact an attacker can have, because they cannot under any circumstances affect IPs in buckets outside of the 64 their group maps to.
And what is the core's algorithm for selecting addresses to return after receiving
getaddr request?
Does it only pick those from the "tried" buckets?
Same for sending spontaneous
addr messages: does it have to "try" it first, before it can route a new
addr to its peeers?