[–] 21117013? 0 points 2 points 2 points (+2|-0) ago
No.
DDoS usually focuses on the connection establishment handshakes which take place well before the login page is served. That's why it's difficult to counter.
There's not (inherently) anything distinguishing a connection from a DDoS attack from a legitimate connection.
The only way to discriminate between the two is by correlation with other factors like "Is the source IP establishing too many connections at this time ?".
Correlation is expensive (needs a bunch of logs and log parsing), prone to false positives and sometimes impossible.
[–] 21113067? ago
Yup