Basically - a tarpit is when you answer the request, but feed bytes extremely slowly. This is an effective strategy against spammers. It slows them down. A DDOS attack normally (as I understand it) are fire and forget requests; an attempt to tie up capacity.
I would think what's happening is sort of like a reverse of this - just a guess, but perhaps the cloudflare page gets the browser to originate another request and handshakes the request; to see if it's really a browser. If it doesn't respond normally, it might then do the human verification or just leave the browser there.
One of these days, I'll have browser diagnostics running when I hit a cloudflare check page. The internet requests would be interesting to see.
That'd be interesting - Maybe a combination of both. But I bet they can spot DDOS by the nature of the request.
In addition, the client is given a hard-to-solve but easy-to-verify problem, making the requestor burn far more resources than it costs the server.
So, effectively, they tarpit the original request to see it's a DDOS bot. A normal browser would close the request or end it. Interesting.
Basically - a tarpit is when you answer the request, but feed bytes extremely slowly. This is an effective strategy against spammers. It slows them down. A DDOS attack normally (as I understand it) are fire and forget requests; an attempt to tie up capacity.
I would think what's happening is sort of like a reverse of this - just a guess, but perhaps the cloudflare page gets the browser to originate another request and handshakes the request; to see if it's really a browser. If it doesn't respond normally, it might then do the human verification or just leave the browser there.
One of these days, I'll have browser diagnostics running when I hit a cloudflare check page. The internet requests would be interesting to see.
Wow! So when the bot "forgets" it's requests, it's making room for new ones and repeats?