Dumb question: If some camera, vaccum cleaner, toothbrush or refrigirator is behind NAT, can it do IP spoofing ? Won't the "from" address be replaced by the CPE router with the proper IP address assigned to that customer so that on the Internet itself, that packet will travel with a real IP routable back to the CPE ? Could mobile phones become a source of such attacks ? Depending on subscription, many are given actiual internet IPs and not NATted, so they could theoretically send packets with spoofed IPs. (would likely require rooted android phones, and how many of those are there ?) Second dumb question: If the number of infected devices in eastern USA is insufficient to have caused that DDoS, can one infer that the attack used an actual IP address instead of the anycast one in order to target the the easter USA hosts irrespective of the location of the infected device ? Could one operate such a host with the "real" IP address in a subnet that has its own BGP announcement, and when there is an attack, one would change the real IP to a different IP address in a different subnet, and drop the route announcement for the first subnet (making those attack packets unroutable at the origin). Is that a viable counter measure ?