Comment by spencerflem
14 hours ago
They get blocked by Recaptcha, I think.
I’m not talking about the network itself but the servers on the other end.
I guess my point is that while Google is definitely malicious, I don’t think every site using recaptcha is and if we expect them not to use that tool there should probably be an alternative.
> They get blocked by Recaptcha, I think.
I think SV was asking what onion services, which can't really use recaptcha, do to prevent the DDoS storm.
And I would imagine the answer is obscurity, since the dark web isn't nearly as well-mapped as the public web. That and some Anubis or other PoW would probably go far.
Proof of work I get, but isn’t that like step2?
If I’m hosting at some IP, I still need Anubis or something to serve up the challenge, so doesn’t that become the attack point?