Thread: DDOS attack

  1. #1
    Player
    hynaku
    Join Date
    Mar 2015
    Location
    New Gridania
    Posts
    2,805
    Character
    Inglis Eucus
    World
    Cuchulainn
    Main Class
    Reaper Lv 100
    Why can't they just trace back to where all the massive DDOS logins are coming from? There should be a way to trace where they come from.
    (2)

  2. #2
    Player
    Sjol
    Join Date
    Apr 2024
    Posts
    276
    Character
    Sjol Fantl
    World
    Mateus
    Main Class
    Dancer Lv 90
    Quote (originally posted by hynaku):
    "Why can't they just trace back to where all the massive DDOS logins are coming from? There should be a way to trace where they come from."
    There are various ways for them to mask the traffic, but also even if you have a list of a million IP addresses, what does that actually get you? Usually, it's millions of compromised devices regular people own that are being used to initiate the attack. IoT botnets are a kind of scourge. SE could be being attacked by TVs, smart light bulbs, security cameras all controlled by malicious actors. Botnets can be very large and even if you block the first hundred thousand devices, they can send a different hundred thousand devices at it. It's a tough problem to solve.
    (15)

  3. #3
    Player
    UkcsAlias
    Join Date
    Dec 2021
    Posts
    776
    Character
    Aergrael Iyrnrael
    World
    Ragnarok
    Main Class
    Scholar Lv 100
    Quote (originally posted by Sjol):
    "There are various ways for them to mask the traffic"
    Just to note, the most popular method is also the strongest and these days even standard: DDoS amplification.

    Instead of directly sending the spam to the server, you can often initiate unhacked devices to 'assist'. Just send a spoofed request towards such an unhacked device, acting as if you are the target. That device then responds with its data. A request could be 10kb of data, while the response could be 900kb. That's a boost of 90x the traffic it would otherwise send. And now that the hacked device has to send less, it can send a lot more of those requests.

    And the worst part is, even if you trace back the data... you only see the unhacked device as the source (the data they send still contains valid data, it's just garbage for the purpose of the server). This can be used to mitigate future attacks, as it can detect a source of vulnerable devices, but this rarely results in an actual fix. People are lazy at updating, or devices are never going to be fixed.

    This gets worse when ISPs do not install tools themselves to mitigate it. Which, because it isn't mandatory and costs money, almost none do. They would rather remain vulnerable to save costs, as when a DDoS gets pointed at them, they can act as victims themselves.
    (4)
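A defender-side illustration of the amplification point in post #3, added here as an example and not written by any poster in this thread: it scans flow records for inbound UDP that answers no request the server ever sent, and flags source ports shared by several senders. The addresses, ports, byte counts and the `min_sources` threshold are constructed assumptions; the senders it reports are the reflecting devices, not whoever spoofed the requests.

```python
from collections import defaultdict

SERVER = "203.0.113.10"  # constructed victim address (documentation range)

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (SERVER, 40000, "198.51.100.53", 53, "udp", 80),    # server's own DNS query
    ("198.51.100.53", 53, SERVER, 40000, "udp", 300),   # solicited answer to it
    ("192.0.2.11", 123, SERVER, 7777, "udp", 900_000),  # reply nobody asked for
    ("192.0.2.12", 123, SERVER, 7777, "udp", 900_000),
    ("192.0.2.13", 123, SERVER, 7777, "udp", 900_000),
    ("192.0.2.50", 50123, SERVER, 7777, "udp", 400),    # ordinary UDP client
    ("192.0.2.99", 51515, SERVER, 443, "tcp", 1_200),   # ordinary TCP client
]


def unsolicited_udp(flows, server):
    """Group inbound UDP that matches no outbound request, keyed by source port."""
    asked = set()  # (remote_ip, remote_port, local_port) the server really queried
    for src, sport, dst, dport, proto, _ in flows:
        if proto == "udp" and src == server:
            asked.add((dst, dport, sport))
    summary = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp" or dst != server:
            continue
        if (src, sport, dport) in asked:
            continue  # genuine reply to a query the server sent
        summary[sport]["sources"].add(src)
        summary[sport]["bytes"] += size
    return dict(summary)


def flag_reflection(flows, server, min_sources=3):
    """Return (source_port, distinct_senders, bytes) for likely reflected floods.

    Many unrelated senders sharing one *service* source port is the signature;
    real clients arrive from scattered ephemeral ports and stay below the
    threshold (min_sources is an assumed tuning value).
    """
    hits = [
        (port, len(info["sources"]), info["bytes"])
        for port, info in unsolicited_udp(flows, server).items()
        if len(info["sources"]) >= min_sources
    ]
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for port, senders, size in flag_reflection(FLOWS, SERVER):
        print(f"udp source port {port}: {senders} reflectors, {size} bytes")
```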

  4. #4
    Player
    AshtarCatto
    Join Date
    Oct 2022
    Posts
    5
    Character
    Ashtar Fortuna
    World
    Lamia
    Main Class
    Dancer Lv 90
    Quote (originally posted by hynaku):
    "Why can't they just trace back to where all the massive DDOS logins are coming from? There should be a way to trace where they come from."
    They aren't logging into the game at all. Someone is sending packets of information to deny access to the services hosted on the servers. As Sjol stated below, the gross of that traffic comes from unsecured IoT devices and even malware-infected PCs... Here's a video explaining what a botnet is, maybe it can help you to understand how all this works; sometimes it can be a bit cryptic for people who are not into cybersec: https://www.youtube.com/watch?v=EQyaaK1S7WM

    For the same reason, it is next to impossible to identify a culprit without a forensic investigation, and that can take days, weeks, months... Even your own PC could have been compromised by malware from somewhere and be sending packets to the servers without your knowledge!
    (15)

  5. #5
    Player
    SnowVix
    Join Date
    Apr 2019
    Posts
    765
    Character
    Charming Tulip
    World
    Cactuar
    Main Class
    Sage Lv 100
    Quote (originally posted by hynaku):
    "Why can't they just trace back to where all the massive DDOS logins are coming from? There should be a way to trace where they come from."
    Tracing will end up with a massive web of compromised devices. The first D in DDoS stands for "Distributed", which are only getting easier to do as we get more IoT devices (smart fridge? Is that really something you want?), which can be compromised to be roped into a botnet with pretty much zero alarm raised to the end user because they don't think about them as being computers.
    (2)