In Bitcoin Wiki Weaknesses: Sybil attack they mention that:
"Bitcoin makes these attacks more difficult by only making an outbound connection to one IP address per /16 (x.y.0.0)".
Why would this make a Sybil attack more difficult? Is there a reason for choosing a /16 subnet or is it randomly chosen by the developers with no background? Wouldn't it be more secure to choose a smaller subnet?
When you are buying servers you can order multiple IP per one server, typically in the same /8 or /16 subnet. So 1 server can serve as 100 or even 1000 Bitcoin nodes.
Ordering lots of IPs in lots of different /16 subnets is rarely possible for the same server.
Hence this change makes it harder/more expensive to launch 1000's of rogue Bitcoin nodes - you will have to distribute them across large number of servers in different datacenters.
