Basically - a tarpit is when you answer the request, but feed bytes extremely slowly. This is an effective strategy against spammers. It slows them down. A DDOS attack normally (as I understand it) are fire and forget requests; an attempt to tie up capacity.
I would think what's happening is sort of like a reverse of this - just a guess, but perhaps the cloudflare page gets the browser to originate another request and handshakes the request; to see if it's really a browser. If it doesn't respond normally, it might then do the human verification or just leave the browser there.
One of these days, I'll have browser diagnostics running when I hit a cloudflare check page. The internet requests would be interesting to see.
Basically - a tarpit is when you answer the request, but feed bytes extremely slowly. This is an effective strategy against spammers. It slows them down. A DDOS attack normally (as I understand it) are fire and forget requests; an attempt to tie up capacity.
I would think what's happening is sort of like a reverse of this - just a guess, but perhaps the cloudflare page gets the browser to originate another request and handshakes the request; to see if it's really a browser. If it doesn't respond normally, it might then do the human verification or just leave the browser there.
One of these days, I'll have browser diagnostics running when I hit a cloudflare check page. The internet requests would be interesting to see.