Yeah, sybill attacks are pretty hard to get around. IPFS itself doesnt entirely depend on a DHT though, it uses it when it can, but also falls back to a more gossip style approach of just asking peers you connect to for the data. So if you wait long enough, and the content is out there, you're very likely to end up finding it as your node makes and receives random connections throughout the network. This does still mean that the sybill attacker can severely degrade the quality of service though, so other solutions are getting looked into. The 'easiest' one that comes to mind is just forming an incentivized DHT of some kind, with the simplest start to that being a requirement that all DHT server peers stake some funds. There are a lot of weird things in this problem space, and its still pretty young IMO