diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -340,9 +340,10 @@
 
 # Bitcoin server facilities
 add_library(server
-	addrman.cpp
 	addrdb.cpp
+	addrman.cpp
 	avalanche.cpp
+	banman.cpp
 	bloom.cpp
 	blockencodings.cpp
 	blockfilter.cpp
diff --git a/src/Makefile.am b/src/Makefile.am
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -104,6 +104,7 @@
   addrdb.h \
   addrman.h \
   avalanche.h \
+  banman.h \
   base58.h \
   bloom.h \
   blockencodings.h \
@@ -242,9 +243,10 @@
 libbitcoin_server_a_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) $(MINIUPNPC_CPPFLAGS) $(EVENT_CFLAGS) $(EVENT_PTHREADS_CFLAGS)
 libbitcoin_server_a_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 libbitcoin_server_a_SOURCES = \
-  addrman.cpp \
   addrdb.cpp \
+  addrman.cpp \
   avalanche.cpp \
+  banman.cpp \
   bloom.cpp \
   blockencodings.cpp \
   blockfilter.cpp \
diff --git a/src/banman.h b/src/banman.h
new file mode 100644
--- /dev/null
+++ b/src/banman.h
@@ -0,0 +1,74 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2017 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+#ifndef BITCOIN_BANMAN_H
+#define BITCOIN_BANMAN_H
+
+#include <addrdb.h>
+#include <fs.h>
+#include <sync.h>
+
+#include <cstdint>
+#include <memory>
+
+// Default 24-hour ban.
+// NOTE: When adjusting this, update rpcnet:setban's help ("24h")
+static constexpr unsigned int DEFAULT_MISBEHAVING_BANTIME = 60 * 60 * 24;
+
+class CClientUIInterface;
+class CNetAddr;
+class CSubNet;
+
+// Denial-of-service detection/prevention
+// The idea is to detect peers that are behaving
+// badly and disconnect/ban them, but do it in a
+// one-coding-mistake-won't-shatter-the-entire-network
+// way.
+// IMPORTANT:  There should be nothing I can give a
+// node that it will forward on that will make that
+// node's peers drop it. If there is, an attacker
+// can isolate a node and/or try to split the network.
+// Dropping a node for sending stuff that is invalid
+// now but might be valid in a later version is also
+// dangerous, because it can cause a network split
+// between nodes running old code and nodes running
+// new code.
+
+class BanMan {
+public:
+    ~BanMan();
+    BanMan(fs::path ban_file, const CChainParams &chainParams,
+           CClientUIInterface *client_interface, int64_t default_ban_time);
+    void Ban(const CNetAddr &netAddr, const BanReason &banReason,
+             int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
+    void Ban(const CSubNet &subNet, const BanReason &banReason,
+             int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
+    // needed for unit testing
+    void ClearBanned();
+    bool IsBanned(CNetAddr netAddr);
+    bool IsBanned(CSubNet subNet);
+    bool Unban(const CNetAddr &netAddr);
+    bool Unban(const CSubNet &subNet);
+    void GetBanned(banmap_t &banMap);
+    void DumpBanlist();
+
+private:
+    void SetBanned(const banmap_t &banMap);
+    bool BannedSetIsDirty();
+    //! set the "dirty" flag for the banlist
+    void SetBannedSetDirty(bool dirty = true);
+    //! clean unused entries (if bantime has expired)
+    void SweepBanned();
+
+    banmap_t setBanned;
+    CCriticalSection cs_setBanned;
+    bool setBannedIsDirty;
+    CClientUIInterface *clientInterface = nullptr;
+    CBanDB m_ban_db;
+    int64_t m_default_ban_time;
+};
+
+extern std::unique_ptr<BanMan> g_banman;
+
+#endif // BITCOIN_BANMAN_H
diff --git a/src/banman.cpp b/src/banman.cpp
new file mode 100644
--- /dev/null
+++ b/src/banman.cpp
@@ -0,0 +1,214 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2017 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <banman.h>
+
+#include <netaddress.h>
+#include <ui_interface.h>
+#include <util/system.h>
+#include <util/time.h>
+
+BanMan::BanMan(fs::path ban_file, const CChainParams &chainParams,
+               CClientUIInterface *client_interface, int64_t default_ban_time)
+    : clientInterface(client_interface),
+      m_ban_db(std::move(ban_file), chainParams),
+      m_default_ban_time(default_ban_time) {
+    if (clientInterface) {
+        clientInterface->InitMessage(_("Loading banlist..."));
+    }
+
+    int64_t nStart = GetTimeMillis();
+    setBannedIsDirty = false;
+    banmap_t banmap;
+    if (m_ban_db.Read(banmap)) {
+        // thread save setter
+        SetBanned(banmap);
+        // no need to write down, just read data
+        SetBannedSetDirty(false);
+        // sweep out unused entries
+        SweepBanned();
+
+        LogPrint(BCLog::NET,
+                 "Loaded %d banned node ips/subnets from banlist.dat  %dms\n",
+                 banmap.size(), GetTimeMillis() - nStart);
+    } else {
+        LogPrintf("Invalid or missing banlist.dat; recreating\n");
+        // force write
+        SetBannedSetDirty(true);
+        DumpBanlist();
+    }
+}
+
+BanMan::~BanMan() {
+    DumpBanlist();
+}
+
+void BanMan::DumpBanlist() {
+    // clean unused entries (if bantime has expired)
+    SweepBanned();
+
+    if (!BannedSetIsDirty()) {
+        return;
+    }
+
+    int64_t nStart = GetTimeMillis();
+
+    banmap_t banmap;
+    GetBanned(banmap);
+    if (m_ban_db.Write(banmap)) {
+        SetBannedSetDirty(false);
+    }
+
+    LogPrint(BCLog::NET,
+             "Flushed %d banned node ips/subnets to banlist.dat  %dms\n",
+             banmap.size(), GetTimeMillis() - nStart);
+}
+
+void BanMan::ClearBanned() {
+    {
+        LOCK(cs_setBanned);
+        setBanned.clear();
+        setBannedIsDirty = true;
+    }
+    // store banlist to disk
+    DumpBanlist();
+    if (clientInterface) {
+        clientInterface->BannedListChanged();
+    }
+}
+
+bool BanMan::IsBanned(CNetAddr netAddr) {
+    LOCK(cs_setBanned);
+    for (const auto &it : setBanned) {
+        CSubNet subNet = it.first;
+        CBanEntry banEntry = it.second;
+
+        if (subNet.Match(netAddr) && GetTime() < banEntry.nBanUntil) {
+            return true;
+        }
+    }
+    return false;
+}
+
+bool BanMan::IsBanned(CSubNet subNet) {
+    LOCK(cs_setBanned);
+    banmap_t::iterator i = setBanned.find(subNet);
+    if (i != setBanned.end()) {
+        CBanEntry banEntry = (*i).second;
+        if (GetTime() < banEntry.nBanUntil) {
+            return true;
+        }
+    }
+    return false;
+}
+
+void BanMan::Ban(const CNetAddr &netAddr, const BanReason &banReason,
+                 int64_t bantimeoffset, bool sinceUnixEpoch) {
+    CSubNet subNet(netAddr);
+    Ban(subNet, banReason, bantimeoffset, sinceUnixEpoch);
+}
+
+void BanMan::Ban(const CSubNet &subNet, const BanReason &banReason,
+                 int64_t bantimeoffset, bool sinceUnixEpoch) {
+    CBanEntry banEntry(GetTime());
+    banEntry.banReason = banReason;
+    if (bantimeoffset <= 0) {
+        bantimeoffset = m_default_ban_time;
+        sinceUnixEpoch = false;
+    }
+    banEntry.nBanUntil = (sinceUnixEpoch ? 0 : GetTime()) + bantimeoffset;
+
+    {
+        LOCK(cs_setBanned);
+        if (setBanned[subNet].nBanUntil < banEntry.nBanUntil) {
+            setBanned[subNet] = banEntry;
+            setBannedIsDirty = true;
+        } else {
+            return;
+        }
+    }
+    if (clientInterface) {
+        clientInterface->BannedListChanged();
+    }
+
+    // store banlist to disk immediately if user requested ban
+    if (banReason == BanReasonManuallyAdded) {
+        DumpBanlist();
+    }
+}
+
+bool BanMan::Unban(const CNetAddr &netAddr) {
+    CSubNet subNet(netAddr);
+    return Unban(subNet);
+}
+
+bool BanMan::Unban(const CSubNet &subNet) {
+    {
+        LOCK(cs_setBanned);
+        if (setBanned.erase(subNet) == 0) {
+            return false;
+        }
+        setBannedIsDirty = true;
+    }
+    if (clientInterface) {
+        clientInterface->BannedListChanged();
+    }
+    // store banlist to disk immediately
+    DumpBanlist();
+    return true;
+}
+
+void BanMan::GetBanned(banmap_t &banMap) {
+    LOCK(cs_setBanned);
+    // Sweep the banlist so expired bans are not returned
+    SweepBanned();
+    // create a thread safe copy
+    banMap = setBanned;
+}
+
+void BanMan::SetBanned(const banmap_t &banMap) {
+    LOCK(cs_setBanned);
+    setBanned = banMap;
+    setBannedIsDirty = true;
+}
+
+void BanMan::SweepBanned() {
+    int64_t now = GetTime();
+    bool notifyUI = false;
+    {
+        LOCK(cs_setBanned);
+        banmap_t::iterator it = setBanned.begin();
+        while (it != setBanned.end()) {
+            CSubNet subNet = (*it).first;
+            CBanEntry banEntry = (*it).second;
+            if (now > banEntry.nBanUntil) {
+                setBanned.erase(it++);
+                setBannedIsDirty = true;
+                notifyUI = true;
+                LogPrint(
+                    BCLog::NET,
+                    "%s: Removed banned node ip/subnet from banlist.dat: %s\n",
+                    __func__, subNet.ToString());
+            } else {
+                ++it;
+            }
+        }
+    }
+    // update UI
+    if (notifyUI && clientInterface) {
+        clientInterface->BannedListChanged();
+    }
+}
+
+bool BanMan::BannedSetIsDirty() {
+    LOCK(cs_setBanned);
+    return setBannedIsDirty;
+}
+
+void BanMan::SetBannedSetDirty(bool dirty) {
+    // reuse setBanned lock for the setBannedIsDirty flag
+    LOCK(cs_setBanned);
+    setBannedIsDirty = dirty;
+}
diff --git a/src/init.cpp b/src/init.cpp
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -11,6 +11,7 @@
 
 #include <addrman.h>
 #include <amount.h>
+#include <banman.h>
 #include <chain.h>
 #include <chainparams.h>
 #include <checkpoints.h>
diff --git a/src/interfaces/node.h b/src/interfaces/node.h
--- a/src/interfaces/node.h
+++ b/src/interfaces/node.h
@@ -18,6 +18,7 @@
 #include <tuple>
 #include <vector>
 
+class BanMan;
 class CCoinControl;
 class CFeeRate;
 struct CNodeStateStats;
diff --git a/src/interfaces/node.cpp b/src/interfaces/node.cpp
--- a/src/interfaces/node.cpp
+++ b/src/interfaces/node.cpp
@@ -6,6 +6,7 @@
 
 #include <addrdb.h>
 #include <amount.h>
+#include <banman.h>
 #include <chain.h>
 #include <chainparams.h>
 #include <config.h>
diff --git a/src/net.h b/src/net.h
--- a/src/net.h
+++ b/src/net.h
@@ -35,6 +35,7 @@
 #include <arpa/inet.h>
 #endif
 
+class BanMan;
 class Config;
 class CNode;
 class CScheduler;
@@ -90,10 +91,6 @@
 static const size_t DEFAULT_MAXRECEIVEBUFFER = 5 * 1000;
 static const size_t DEFAULT_MAXSENDBUFFER = 1 * 1000;
 
-// Default 24-hour ban.
-// NOTE: When adjusting this, update rpcnet:setban's help ("24h")
-static constexpr unsigned int DEFAULT_MISBEHAVING_BANTIME = 60 * 60 * 24;
-
 typedef int64_t NodeId;
 
 struct AddedNodeInfo {
@@ -118,54 +115,6 @@
     std::string command;
 };
 
-class BanMan {
-public:
-    // Denial-of-service detection/prevention
-    // The idea is to detect peers that are behaving
-    // badly and disconnect/ban them, but do it in a
-    // one-coding-mistake-won't-shatter-the-entire-network
-    // way.
-    // IMPORTANT:  There should be nothing I can give a
-    // node that it will forward on that will make that
-    // node's peers drop it. If there is, an attacker
-    // can isolate a node and/or try to split the network.
-    // Dropping a node for sending stuff that is invalid
-    // now but might be valid in a later version is also
-    // dangerous, because it can cause a network split
-    // between nodes running old code and nodes running
-    // new code.
-    ~BanMan();
-    BanMan(fs::path ban_file, const CChainParams &chainParams,
-           CClientUIInterface *client_interface, int64_t default_ban_time);
-    void Ban(const CNetAddr &netAddr, const BanReason &reason,
-             int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
-    void Ban(const CSubNet &subNet, const BanReason &reason,
-             int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
-    // needed for unit testing
-    void ClearBanned();
-    bool IsBanned(CNetAddr ip);
-    bool IsBanned(CSubNet subnet);
-    bool Unban(const CNetAddr &ip);
-    bool Unban(const CSubNet &ip);
-    void GetBanned(banmap_t &banmap);
-    void DumpBanlist();
-
-private:
-    void SetBanned(const banmap_t &banmap);
-    bool BannedSetIsDirty();
-    //! set the "dirty" flag for the banlist
-    void SetBannedSetDirty(bool dirty = true);
-    //! clean unused entries (if bantime has expired)
-    void SweepBanned();
-
-    banmap_t setBanned;
-    CCriticalSection cs_setBanned;
-    bool setBannedIsDirty;
-    CClientUIInterface *clientInterface = nullptr;
-    CBanDB m_ban_db;
-    int64_t m_default_ban_time;
-};
-
 class NetEventsInterface;
 class CConnman {
 public:
diff --git a/src/net.cpp b/src/net.cpp
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -9,7 +9,7 @@
 
 #include <net.h>
 
-#include <addrman.h>
+#include <banman.h>
 #include <chainparams.h>
 #include <clientversion.h>
 #include <config.h>
@@ -472,27 +472,6 @@
     return pnode;
 }
 
-void BanMan::DumpBanlist() {
-    // Clean unused entries (if bantime has expired)
-    SweepBanned();
-
-    if (!BannedSetIsDirty()) {
-        return;
-    }
-
-    int64_t nStart = GetTimeMillis();
-
-    banmap_t banmap;
-    GetBanned(banmap);
-    if (m_ban_db.Write(banmap)) {
-        SetBannedSetDirty(false);
-    }
-
-    LogPrint(BCLog::NET,
-             "Flushed %d banned node ips/subnets to banlist.dat  %dms\n",
-             banmap.size(), GetTimeMillis() - nStart);
-}
-
 void CNode::CloseSocketDisconnect() {
     fDisconnect = true;
     LOCK(cs_hSocket);
@@ -502,161 +481,6 @@
     }
 }
 
-void BanMan::ClearBanned() {
-    {
-        LOCK(cs_setBanned);
-        setBanned.clear();
-        setBannedIsDirty = true;
-    }
-
-    // Store banlist to disk.
-    DumpBanlist();
-    if (clientInterface) {
-        clientInterface->BannedListChanged();
-    }
-}
-
-bool BanMan::IsBanned(CNetAddr ip) {
-    LOCK(cs_setBanned);
-    for (const auto &it : setBanned) {
-        CSubNet subNet = it.first;
-        CBanEntry banEntry = it.second;
-
-        if (subNet.Match(ip) && GetTime() < banEntry.nBanUntil) {
-            return true;
-        }
-    }
-
-    return false;
-}
-
-bool BanMan::IsBanned(CSubNet subnet) {
-    LOCK(cs_setBanned);
-
-    banmap_t::iterator i = setBanned.find(subnet);
-    if (i != setBanned.end()) {
-        CBanEntry banEntry = (*i).second;
-        if (GetTime() < banEntry.nBanUntil) {
-            return true;
-        }
-    }
-
-    return false;
-}
-
-void BanMan::Ban(const CNetAddr &addr, const BanReason &banReason,
-                 int64_t bantimeoffset, bool sinceUnixEpoch) {
-    CSubNet subNet(addr);
-    Ban(subNet, banReason, bantimeoffset, sinceUnixEpoch);
-}
-
-void BanMan::Ban(const CSubNet &subNet, const BanReason &banReason,
-                 int64_t bantimeoffset, bool sinceUnixEpoch) {
-    CBanEntry banEntry(GetTime());
-    banEntry.banReason = banReason;
-    if (bantimeoffset <= 0) {
-        bantimeoffset = m_default_ban_time;
-        sinceUnixEpoch = false;
-    }
-    banEntry.nBanUntil = (sinceUnixEpoch ? 0 : GetTime()) + bantimeoffset;
-
-    {
-        LOCK(cs_setBanned);
-        if (setBanned[subNet].nBanUntil < banEntry.nBanUntil) {
-            setBanned[subNet] = banEntry;
-            setBannedIsDirty = true;
-        } else {
-            return;
-        }
-    }
-
-    if (clientInterface) {
-        clientInterface->BannedListChanged();
-    }
-
-    if (banReason == BanReasonManuallyAdded) {
-        // Store banlist to disk immediately if user requested ban.
-        DumpBanlist();
-    }
-}
-
-bool BanMan::Unban(const CNetAddr &addr) {
-    CSubNet subNet(addr);
-    return Unban(subNet);
-}
-
-bool BanMan::Unban(const CSubNet &subNet) {
-    {
-        LOCK(cs_setBanned);
-        if (!setBanned.erase(subNet)) {
-            return false;
-        }
-        setBannedIsDirty = true;
-    }
-
-    if (clientInterface) {
-        clientInterface->BannedListChanged();
-    }
-
-    // Store banlist to disk immediately.
-    DumpBanlist();
-    return true;
-}
-
-void BanMan::GetBanned(banmap_t &banMap) {
-    LOCK(cs_setBanned);
-    // Sweep the banlist so expired bans are not returned
-    SweepBanned();
-    // Create a thread safe copy.
-    banMap = setBanned;
-}
-
-void BanMan::SetBanned(const banmap_t &banMap) {
-    LOCK(cs_setBanned);
-    setBanned = banMap;
-    setBannedIsDirty = true;
-}
-
-void BanMan::SweepBanned() {
-    int64_t now = GetTime();
-    bool notifyUI = false;
-    {
-        LOCK(cs_setBanned);
-        banmap_t::iterator it = setBanned.begin();
-        while (it != setBanned.end()) {
-            CSubNet subNet = (*it).first;
-            CBanEntry banEntry = (*it).second;
-            if (now > banEntry.nBanUntil) {
-                setBanned.erase(it++);
-                setBannedIsDirty = true;
-                notifyUI = true;
-                LogPrint(
-                    BCLog::NET,
-                    "%s: Removed banned node ip/subnet from banlist.dat: %s\n",
-                    __func__, subNet.ToString());
-            } else {
-                ++it;
-            }
-        }
-    }
-
-    // update UI
-    if (notifyUI && clientInterface) {
-        clientInterface->BannedListChanged();
-    }
-}
-
-bool BanMan::BannedSetIsDirty() {
-    LOCK(cs_setBanned);
-    return setBannedIsDirty;
-}
-
-void BanMan::SetBannedSetDirty(bool dirty) {
-    // Reuse setBanned lock for the isDirty flag.
-    LOCK(cs_setBanned);
-    setBannedIsDirty = dirty;
-}
-
 bool CConnman::IsWhitelistedRange(const CNetAddr &addr) {
     for (const CSubNet &subnet : vWhitelistedRange) {
         if (subnet.Match(addr)) {
@@ -2518,42 +2342,6 @@
     return true;
 }
 
-BanMan::BanMan(fs::path ban_file, const CChainParams &chainParams,
-               CClientUIInterface *client_interface, int64_t default_ban_time)
-    : clientInterface(client_interface),
-      m_ban_db(std::move(ban_file), chainParams),
-      m_default_ban_time(default_ban_time) {
-    if (clientInterface) {
-        clientInterface->InitMessage(_("Loading banlist..."));
-    }
-
-    // Load addresses from banlist.dat
-    int64_t nStart = GetTimeMillis();
-    setBannedIsDirty = false;
-    banmap_t banmap;
-    if (m_ban_db.Read(banmap)) {
-        // thread save setter
-        SetBanned(banmap);
-        // no need to write down, just read data
-        SetBannedSetDirty(false);
-        // sweep out unused entries
-        SweepBanned();
-
-        LogPrint(BCLog::NET,
-                 "Loaded %d banned node ips/subnets from banlist.dat  %dms\n",
-                 banmap.size(), GetTimeMillis() - nStart);
-    } else {
-        LogPrintf("Invalid or missing banlist.dat; recreating\n");
-        // force write
-        SetBannedSetDirty(true);
-        DumpBanlist();
-    }
-}
-
-BanMan::~BanMan() {
-    DumpBanlist();
-}
-
 class CNetCleanup {
 public:
     CNetCleanup() {}
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
--- a/src/net_processing.cpp
+++ b/src/net_processing.cpp
@@ -7,6 +7,7 @@
 
 #include <addrman.h>
 #include <arith_uint256.h>
+#include <banman.h>
 #include <blockencodings.h>
 #include <blockvalidity.h>
 #include <chain.h>
diff --git a/src/rpc/net.cpp b/src/rpc/net.cpp
--- a/src/rpc/net.cpp
+++ b/src/rpc/net.cpp
@@ -4,6 +4,7 @@
 
 #include <rpc/server.h>
 
+#include <banman.h>
 #include <chainparams.h>
 #include <clientversion.h>
 #include <config.h>
diff --git a/src/test/denialofservice_tests.cpp b/src/test/denialofservice_tests.cpp
--- a/src/test/denialofservice_tests.cpp
+++ b/src/test/denialofservice_tests.cpp
@@ -4,6 +4,7 @@
 
 // Unit tests for denial-of-service detection/prevention code
 
+#include <banman.h>
 #include <chain.h>
 #include <chainparams.h>
 #include <config.h>
diff --git a/src/test/test_bitcoin.cpp b/src/test/test_bitcoin.cpp
--- a/src/test/test_bitcoin.cpp
+++ b/src/test/test_bitcoin.cpp
@@ -4,6 +4,7 @@
 
 #include <test/test_bitcoin.h>
 
+#include <banman.h>
 #include <chain.h>
 #include <chainparams.h>
 #include <config.h>
diff --git a/src/test/test_bitcoin_main.cpp b/src/test/test_bitcoin_main.cpp
--- a/src/test/test_bitcoin_main.cpp
+++ b/src/test/test_bitcoin_main.cpp
@@ -4,6 +4,7 @@
 
 #define BOOST_TEST_MODULE Bitcoin Test Suite
 
+#include <banman.h>
 #include <net.h>
 
 #include <boost/test/unit_test.hpp>