Seems like the only way is to have a base list, or at least one node being pointed to the new instance. Maintain a table of addresses for each connected nodes, and share them between other nodes.
Secret key generated on build of the application? Not sure. Public Key Certificate to verify ownership would probably be the best way (read - easiest), at least for the initial connection to ensure that you're not adding a spoofed node.
How does this work with UDP? I need something which would prevent any user spoofing, but it needs good performance. I don't need to anonymize or make the message secret, or even ensure integrity; I just need to prevent (again) spoofing.
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange https://en.wikipedia.org/wiki/Message_authentication_code
Potential solution; use unique unpredictable identifier for packets from ish-established connection: https://en.wikipedia.org/wiki/IP_address_spoofing#Upper_layers