|
|
|
|
|
|
by akerl_
237 days ago
|
|
|
You're just sort of loosely interweaving unrelated comments? You're back on prevention instead of detection, but also no: an attacker with valid creds isn't going to run other checks first before using them. And yes: by volume, most attacks on the internet are just spam reusing published tools and IP lists. And that traffic is zero percent risky unless your auth is already busted. |
|
|
Well it's a waste of our time and resources. I'm not just going to let people make 100 requests per second for no reason?