But also the difficulty of dealing with distributed buggy/problematic clients. Same reason that fail2ban is less effective against large botnets, password spraying defeats many rate-limits, and abusive NTP use by routers (https://slashdot.org/story/06/04/07/130209/d-link-firmware-a...) is so hard to deal with.
