OPC UA user and Client Authentication reduce the risk of a legitimate Client being used to mount a resource exhaustion attack. Additionally, Server Auditing allows the detection of the Client if a resource exhaustion attack was carried out by a legitimate Client. Servers are also required to recycle OpenSecureChannel requests that have not been completed (specified in OPC 10000-4); this will eliminate attacks from non-legitimate Clients. Servers are encouraged to minimize logging of invalid attempts. Servers should track invalid attempts with diagnostic counters instead of verbose log messages; this applies even to connection attempts that only open a socket. Resource exhaustion attacks do not apply to PubSub Systems, since no sessions or resources are allocated.
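The following added sketch (not taken from the OPC UA specification or from any stack) models the two Server-side measures above: uncompleted OpenSecureChannel slots are recycled, and invalid attempts only increment diagnostic counters. The `ChannelTable` class, its counter names, the pool size and the timeout are assumptions chosen for illustration.

```python
from collections import Counter, OrderedDict

class ChannelTable:
    """Bounded table of SecureChannel slots (hypothetical model, not a stack API)."""

    def __init__(self, max_pending=4, pending_timeout=5.0):
        self.max_pending = max_pending          # cap on uncompleted handshakes
        self.pending_timeout = pending_timeout  # seconds before a stale slot is reclaimed
        self.pending = OrderedDict()            # conn_id -> time the socket was accepted
        self.established = set()
        self.counters = Counter()               # counters only, no per-attempt log lines

    def _expire(self, now):
        # Reclaim slots whose OpenSecureChannel did not complete in time (oldest first).
        while self.pending:
            started = next(iter(self.pending.values()))
            if now - started < self.pending_timeout:
                break
            self.pending.popitem(last=False)
            self.counters["pending_timed_out"] += 1

    def on_connect(self, conn_id, now):
        """Socket accepted; the handshake has not completed yet."""
        self._expire(now)
        if len(self.pending) >= self.max_pending:
            # Table full: recycle the oldest uncompleted slot instead of refusing service.
            self.pending.popitem(last=False)
            self.counters["pending_recycled"] += 1
        self.pending[conn_id] = now
        self.counters["connect_attempts"] += 1

    def on_open_result(self, conn_id, ok):
        """OpenSecureChannel finished: promote on success, count on failure."""
        if self.pending.pop(conn_id, None) is None:
            self.counters["late_or_unknown"] += 1   # slot was already recycled
            return False
        if ok:
            self.established.add(conn_id)
            return True
        self.counters["open_rejected"] += 1
        return False

def simulate():
    """Constructed scenario: ten sockets that never finish, then one legitimate Client."""
    table = ChannelTable(max_pending=4, pending_timeout=5.0)
    for i in range(10):
        table.on_connect(f"idle-{i}", now=i * 0.1)
    table.on_connect("client-A", now=1.0)
    table.on_open_result("client-A", ok=True)
    table.on_open_result("idle-0", ok=False)
    return table
```

In the constructed scenario the table never grows past four pending entries, the legitimate Client still obtains a channel, and the only record of the eleven connection attempts is a handful of counter values.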