Re: this is what happens when you dont enforce authentication
Because it's totally impossible to target the auth endpoint with a DDoS, thus taking down the auth mechanism, and therefore the service?
Any business that supplies a service, over the internet, at one or more reachable endpoints, is vulnerable to those endpoints coming under a DoS attack. Auth won't make an ounce of difference to that, although other filtering techniques are available, such as black/whitelisting, packet filtering, and so on, which may have varying practicability depending on how many service users you have, whether they have static IP ranges (hint: they probably don't), whether the attackers do (hint: the first D in DDoS means they don't), whether bogus traffic can easily be separated from genuine traffic from packet shape, etc.
I'm sure the people being attacked in this instance have a better handle on the specifics of all these things, as they pertain to their service, than you do, and yelling "try grabin f'ing clue" [sic throughout] just indicates that either you are not well versed in the subject yourself, or that you are, and you are just very bad at your job.
Biting the hand that feeds IT
