diff --git a/src/bin_node/node_run_command.ml b/src/bin_node/node_run_command.ml
index 325c2f343..e5a57454e 100644
--- a/src/bin_node/node_run_command.ml
+++ b/src/bin_node/node_run_command.ml
@@ -172,6 +172,7 @@ let init_node ?sandbox ?checkpoint (config : Node_config_file.t) =
             proof_of_work_target =
               Crypto_box.make_target config.p2p.expected_pow ;
             disable_mempool = config.p2p.disable_mempool ;
+            trust_discovered_peers = (sandbox_param <> None) ;
           }
         in
         return_some (p2p_config, config.p2p.limits)
diff --git a/src/bin_node/tezos-sandboxed-node.sh b/src/bin_node/tezos-sandboxed-node.sh
index b0aac6bab..e7487c5f5 100755
--- a/src/bin_node/tezos-sandboxed-node.sh
+++ b/src/bin_node/tezos-sandboxed-node.sh
@@ -17,7 +17,7 @@ start_sandboxed_node() {
     expected_connections="${expected_connections:-3}"
     node_dir="$(mktemp -d -t tezos-node.XXXXXXXX)"
     peers=("--no-bootstrap-peers")
-#    peers+=("--private-mode") ## Should we accept discovered peers as trusted nodes ?
+    peers+=("--private-mode")
 
     node="${local_node}"
     sandbox_param="--sandbox=$sandbox_file"
diff --git a/src/lib_p2p/p2p.ml b/src/lib_p2p/p2p.ml
index bcda18bf2..506bdaeb3 100644
--- a/src/lib_p2p/p2p.ml
+++ b/src/lib_p2p/p2p.ml
@@ -64,6 +64,7 @@ type config = {
   identity : P2p_identity.t ;
   proof_of_work_target : Crypto_box.target ;
   disable_mempool : bool ;
+  trust_discovered_peers : bool ;
 }
 
 type limits = {
@@ -147,7 +148,8 @@ let may_create_discovery_worker _limits config pool =
       Some (P2p_discovery.create pool
               config.identity.peer_id
               ~listening_port
-              ~discovery_port ~discovery_addr)
+              ~discovery_port ~discovery_addr
+              ~trust_discovered_peers:config.trust_discovered_peers)
   | (_, _, _) ->
       None
 
diff --git a/src/lib_p2p/p2p.mli b/src/lib_p2p/p2p.mli
index d11009883..c2cc68ca0 100644
--- a/src/lib_p2p/p2p.mli
+++ b/src/lib_p2p/p2p.mli
@@ -98,6 +98,10 @@ type config = {
 
   disable_mempool : bool ;
   (** If [true], all non-empty mempools will be ignored. *)
+
+  trust_discovered_peers : bool ;
+  (** If [true], peers discovered on the local network will be trusted. *)
+
 }
 
 (** Network capacities *)
diff --git a/src/lib_p2p/p2p_discovery.ml b/src/lib_p2p/p2p_discovery.ml
index c306e3c37..4cf268e7d 100644
--- a/src/lib_p2p/p2p_discovery.ml
+++ b/src/lib_p2p/p2p_discovery.ml
@@ -49,6 +49,7 @@ module Answer = struct
     pool: pool ;
     discovery_port: int ;
     canceler: Lwt_canceler.t ;
+    trust_discovered_peers: bool ;
     mutable worker: unit Lwt.t ;
   }
 
@@ -98,7 +99,9 @@ module Answer = struct
                       let Pool pool = st.pool in
                       lwt_log_info "Registering new point %a:%d"
                         P2p_addr.pp addr remote_port >>= fun () ->
-                      P2p_pool.register_new_point pool st.my_peer_id
+                      P2p_pool.register_new_point
+                        ~trusted:st.trust_discovered_peers
+                        pool st.my_peer_id
                         (addr, remote_port) ;
                       aux ()
                 end
@@ -123,10 +126,11 @@ module Answer = struct
         Lwt_canceler.cancel st.canceler >>= fun () ->
         Lwt.return_unit
 
-  let create my_peer_id pool ~discovery_port = {
+  let create my_peer_id pool ~trust_discovered_peers ~discovery_port = {
     canceler = Lwt_canceler.create () ;
     my_peer_id ;
     discovery_port ;
+    trust_discovered_peers ;
     pool = Pool pool ;
     worker = Lwt.return_unit ;
   }
@@ -225,8 +229,7 @@ module Sender = struct
         Lwt_canceler.cancel st.canceler >>= fun () ->
         Lwt.return_unit
 
-  let create
-      my_peer_id pool ~listening_port ~discovery_port ~discovery_addr = {
+  let create my_peer_id pool ~listening_port ~discovery_port ~discovery_addr = {
     canceler = Lwt_canceler.create () ;
     my_peer_id ;
     listening_port ;
@@ -252,8 +255,8 @@ type t = {
   sender: Sender.t ;
 }
 
-let create ~listening_port ~discovery_port ~discovery_addr pool my_peer_id =
-  let answer = Answer.create my_peer_id pool ~discovery_port in
+let create ~listening_port ~discovery_port ~discovery_addr ~trust_discovered_peers pool my_peer_id =
+  let answer = Answer.create my_peer_id pool ~discovery_port ~trust_discovered_peers in
   let sender =
     Sender.create
       my_peer_id pool ~listening_port ~discovery_port ~discovery_addr in
diff --git a/src/lib_p2p/p2p_discovery.mli b/src/lib_p2p/p2p_discovery.mli
index 27ad96de7..01a3e0b2b 100644
--- a/src/lib_p2p/p2p_discovery.mli
+++ b/src/lib_p2p/p2p_discovery.mli
@@ -43,8 +43,11 @@ type t
     returns a discovery worker registering local peers to the [pool]
     and broadcasting discovery messages with the [peer_id] and
     the [listening_port] through the address [discovery_addr:discovery_port]. *)
-val create : listening_port:int -> discovery_port:int ->
-  discovery_addr:Ipaddr.V4.t -> ('a, 'b, 'c) P2p_pool.t -> P2p_peer.Table.key ->
+val create :
+  listening_port:int ->
+  discovery_port:int -> discovery_addr:Ipaddr.V4.t ->
+  trust_discovered_peers:bool ->
+  ('a, 'b, 'c) P2p_pool.t -> P2p_peer.Table.key ->
   t
 
 val activate : t -> unit
diff --git a/src/lib_p2p/p2p_pool.ml b/src/lib_p2p/p2p_pool.ml
index 1c503651b..19ffbec8d 100644
--- a/src/lib_p2p/p2p_pool.ml
+++ b/src/lib_p2p/p2p_pool.ml
@@ -337,7 +337,13 @@ let register_point pool ?trusted _source_peer_id (addr, port as point) =
       Lwt_condition.broadcast pool.events.new_point () ;
       log pool (New_point point) ;
       point_info
-  | Some point_info -> point_info
+  | Some point_info ->
+      begin
+        match trusted with
+        | Some true -> P2p_point_state.Info.set_trusted point_info ;
+        | _ -> ()
+      end ;
+      point_info
 
 let may_register_my_id_point pool = function
   | [P2p_errors.Myself (addr, Some port)] ->
@@ -1027,15 +1033,15 @@ and disconnect ?(wait = false) conn =
   conn.wait_close <- wait ;
   Answerer.shutdown (Lazy.force conn.answerer)
 
-and register_new_points pool conn =
+and register_new_points ?trusted pool conn =
   let source_peer_id = P2p_peer_state.Info.peer_id conn.peer_info in
   fun points ->
-    List.iter (register_new_point pool source_peer_id) points ;
+    List.iter (register_new_point ?trusted pool source_peer_id) points ;
     Lwt.return_unit
 
-and register_new_point pool source_peer_id point =
+and register_new_point ?trusted pool source_peer_id point =
   if not (P2p_point.Table.mem pool.my_id_points point) then
-    ignore (register_point pool source_peer_id point)
+    ignore (register_point ?trusted pool source_peer_id point)
 
 and list_known_points ?(ignore_private = false) pool conn =
   if Connection.private_node conn then
diff --git a/src/lib_p2p/p2p_pool.mli b/src/lib_p2p/p2p_pool.mli
index ddd5e0598..dddf716fd 100644
--- a/src/lib_p2p/p2p_pool.mli
+++ b/src/lib_p2p/p2p_pool.mli
@@ -239,6 +239,7 @@ val accept:
     accepting a connection from [fd]. Used by [P2p_welcome]. *)
 
 val register_new_point:
+  ?trusted:bool ->
   ('a, 'b, 'c) pool -> P2p_peer.Table.key -> P2p_point.Id.t -> unit
 (** [register_new_point pool source_peer_id point] tries to register [point]
     in pool's internal peer table. *)