Originally posted by Sjol:
There are various ways for them to mask the traffic
Just to note, the most popular method is also the strongest and these days even standard: DDoS amplification.

Instead of directly sending the spam to the server, you can often initiate unhacked devices to 'assist'. Just send a spoofed request towards such an unhacked device, acting as if you are the target. That device then responds with its data. A request could be 10kb of data, while the response could be 900kb. That's a boost of 90x the traffic it would otherwise send. And now that the hacked device has to send less, it can send a lot more of those requests.

And the worst part is: even if you trace back the data... you only see the unhacked device as the source (the data they send still contains valid data, it's just garbage for the purpose of the server). This can be used to mitigate future attacks as it can detect a source of vulnerable devices, but this rarely results in an actual fix. People are lazy at updating, or devices are never going to be fixed.

This gets worse when ISPs do not install tools themselves to mitigate it. Which, because it isn't mandatory and costs money, almost none do. They would rather remain vulnerable to save costs, as when a DDoS gets pointed at them, they can act as the victim themselves.
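
An added example, not part of the post above: a victim-side check that picks out the reflecting devices by finding inbound datagrams that answer no request the server ever sent, and totals them per source so the operators can be notified. It assumes UDP flow records are available; the addresses, the 5-second reply window and the byte threshold are constructed for illustration.

```python
from collections import defaultdict

SERVER = "203.0.113.10"   # constructed: the address we defend
WINDOW = 5.0              # assumed: seconds a reply may trail our request

# Constructed UDP flow records: (time, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.0, SERVER, 40000, "198.51.100.53", 53, 60),      # our own DNS query
    (0.1, "198.51.100.53", 53, SERVER, 40000, 120),     # its legitimate answer
    (1.0, "192.0.2.7", 123, SERVER, 80, 4400),          # nobody here asked for this
    (1.1, "192.0.2.7", 123, SERVER, 80, 4400),
    (1.2, "192.0.2.99", 53, SERVER, 80, 3000),
    (9.0, "198.51.100.53", 53, SERVER, 40000, 3000),    # reply long after the window
]

def unsolicited_by_source(flows, server=SERVER, window=WINDOW):
    """Return {source_ip: bytes} for inbound datagrams that answer no request of ours."""
    asked = {}                       # (remote_ip, remote_port, local_port) -> request time
    totals = defaultdict(int)
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src == server:
            # Remember what we asked, so the matching reply is not counted.
            asked[(dst, dport, sport)] = ts
        elif dst == server:
            sent = asked.get((src, sport, dport))
            if sent is None or ts - sent > window:
                totals[src] += size  # a response to a request we never made
    return dict(totals)

def reflector_report(flows, min_bytes=1000):
    """Sources worth reporting to their operators, largest first."""
    totals = unsolicited_by_source(flows)
    return sorted(((ip, b) for ip, b in totals.items() if b >= min_bytes),
                  key=lambda item: -item[1])

if __name__ == "__main__":
    for ip, size in reflector_report(FLOWS):
        print(f"{ip}\t{size} unsolicited bytes")
```

The sources it lists are the reflecting devices, not the sender of the spoofed requests, which is the limit the post describes.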