Re: this is what happens when you dont enforce authentication
Because it's totally impossible to target the auth endpoint with a DDoS, thus taking down the auth mechanism, and therefore the service?
Any business that supplies a service, over the internet, at one or more reachable endpoints, is vulnerable to those endpoints coming under a DoS attack. Auth won't make an ounce of difference to that, although other filtering techniques are available, such as black/whitelisting, packet filtering, and so on, which may have varying practicability depending on how many service users you have, whether they have static IP ranges (hint: they probably don't), whether the attackers do (hint: the first D in DDoS means they don't), whether bogus traffic can easily be separated from genuine traffic from packet shape, etc.
I'm sure the people being attacked in this instance have a better handle on the specifics of all these things, as they pertain to their service, than you do, and yelling "try grabin f'ing clue" [sic throughout] just indicates that either you are not well versed in the subject yourself, or that you are, and you are just very bad at your job.