Code review ACK; I didn't try to test.

ut ACK

Tested; works as expected.

utACK

Backported to 0.10 as aeb9279

@SergioDemianLerner How about an nbits test?

@SergioDemianLerner I would really prefer avoiding checkpoints for this. Wouldn't a nHeight-based check be just as good to prevent that, similar to the check added in this patch?

We have several possibilities:

1. Some basic housekeeping that can be done when a block is received during download to prevent strange things like blocks with a current time-stamp but low height. Assume for a moment that blocks before a checkpoint have a nTime field that are lower than the checkpoint time (generally this requires to check only about 12 previous blocks, although theoretically one should have to check up to the genesis block).
   This would be a check like:

pcheckpoint = last check point
if ((block->nHeight < pcheckpoint->nHeight) && (block->GetBlockTime() > pcheckpoint->Time))
reject the block/header

1. Prevent node finger-printing altogether: do not advertise nor return a block or header that is not in the best chain. (but store them, as currently the node does)
2. Limit the extent of fingerprint to some maximum depth relative to the current best chain height (sipa's proposal).
3. Force node fingerprinting to require at least some PoW (gmaxwell's proposal).
4. Limit the blocks to advertise/return based on the same check of 1, but done at the time the block is asked by a peer (my first proposal)

Option 3 has sense only if the relative height is less than 1-month of time (current fingerprinting window). This limits the re-org depth. I like option 1.