It was a general rejection system, so all valid (and recently invalidated) tokens were in the same bloom. If we rejected your token, your connection was cut immediately without response. The normal mechanisms for limiting short-lived connections from a given address apply, so your ability to sample for that would be severely limited, and chances are you wouldn't even have a well-formed token to sample with anyway (since the tokens were authenticated).
I don't work on that anymore though. I might do something similar in the future, but being able to detect when admins are snoozing is low on my list of concerns; if it's designed properly, it'll be cheaper to hire PIs to just look and see when they're snoozing.
I don't work on that anymore though. I might do something similar in the future, but being able to detect when admins are snoozing is low on my list of concerns; if it's designed properly, it'll be cheaper to hire PIs to just look and see when they're snoozing.