Thread: DDOS attack

  1. #1
    Player
    Sjol
    Join Date
    Apr 2024
    Posts
    276
    Character
    Sjol Fantl
    World
    Mateus
    Main Class
    Dancer Lv 90
    Originally posted by hynaku:
    "Why can't they just trace back to where all the massive DDOS logins are coming from? There should be a way to trace where they come from."
    There are various ways for them to mask the traffic, but also even if you have a list of a million IP addresses, what does that actually get you? Usually, it's millions of compromised devices regular people own that are being used to initiate the attack. IoT botnets are a kind of scourge. SE could be being attacked by TVs, smart light bulbs, security cameras all controlled by malicious actors. Botnets can be very large and even if you block the first hundred thousand devices, they can send a different hundred thousand devices at it. It's a tough problem to solve.
    (15)

  2. #2
    Player
    UkcsAlias
    Join Date
    Dec 2021
    Posts
    781
    Character
    Aergrael Iyrnrael
    World
    Ragnarok
    Main Class
    Scholar Lv 100
    Originally posted by Sjol:
    "There are various ways for them to mask the traffic"
    Just to note, the most popular method is also the strongest and these days even standard: DDoS amplification.

    Instead of directly sending the spam to the server, you can often initiate unhacked devices to 'assist'. Just send a spoofed request towards such an unhacked device, acting as if you are the target. That device then responds with its data. A request could be 10kb of data, while the response could be 900kb. That's a boost of 90x the traffic it would otherwise send. And now that the hacked device has to send less, it can send a lot more of those requests.

    And the worst part is: even if you trace back the data... you only see the unhacked device as the source (the data they send still contains valid data, it's just garbage for the purpose of the server). This can be used to mitigate future attacks as it can detect a source of vulnerable devices, but rarely this results in an actual fix. People are lazy at updating, or devices are never going to be fixed.

    This gets worse when ISPs do not install tools themselves to mitigate it. Which, because it isn't mandatory and costs money, almost none do. They would rather remain vulnerable to save costs, as when a DDoS gets pointed at them, they can act as a victim themselves.
    (4)
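
The tracing limit described in post #2, as an added example that is not from any poster in this thread: a target-side check that flags remote hosts sending large replies to requests the target never made. The flow records, addresses, ports, threshold and function names are all constructed for illustration, and the hosts it surfaces are the reflecting devices, not whoever sent the spoofed requests.

```python
from collections import defaultdict

# Constructed flow records as seen at the target's network edge (not real data):
# (direction, remote_ip, remote_udp_port, bytes). "out" = sent by the target.
FLOWS = [
    ("out", "198.51.100.7", 53, 80),        # the target's own lookup
    ("in",  "198.51.100.7", 53, 300),       # solicited answer to that lookup
    ("in",  "203.0.113.10", 53, 900_000),   # replies nobody here asked for
    ("in",  "203.0.113.10", 53, 900_000),
    ("in",  "203.0.113.44", 123, 900_000),
    ("in",  "192.0.2.99",   53, 400),       # unsolicited but small: under threshold
]


def find_reflectors(flows, min_bytes=100_000):
    """Return [(ip, port, bytes)] for remotes that sent large replies to
    requests the target never made, largest first (threshold is an assumption)."""
    asked = {(ip, port) for d, ip, port, _ in flows if d == "out"}
    unsolicited = defaultdict(int)
    for d, ip, port, size in flows:
        if d == "in" and (ip, port) not in asked:
            unsolicited[(ip, port)] += size
    hits = [(ip, port, total) for (ip, port), total in unsolicited.items()
            if total >= min_bytes]
    return sorted(hits, key=lambda h: (-h[2], h[0]))


def spoofed_request_bytes(reply_bytes, request_size=10, reply_size=900):
    """Traffic needed to trigger reply_bytes, using the 10kb request /
    900kb response ratio (90x) quoted in the post above."""
    return reply_bytes * request_size // reply_size


if __name__ == "__main__":
    for ip, port, total in find_reflectors(FLOWS):
        print(f"{ip}:{port} sent {total} unsolicited bytes "
              f"(~{spoofed_request_bytes(total)} bytes of spoofed requests)")
```

The resulting list is useful for rate-limiting or for notifying the operators of the reflecting devices; it contains no address belonging to the sender of the spoofed requests.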