Dumb question:
If some camera, vaccum cleaner, toothbrush or refrigirator is behind NAT, can it do IP spoofing ? Won't the "from" address be replaced by the CPE router with the proper IP address assigned to that customer so that on the Internet itself, that packet will travel with a real IP routable back to the CPE ?
Depends on the way the NAT box works. But since Dyn-style attacks don't use IP spoofing, it doesn't really matter.
Could mobile phones become a source of such attacks ?
Depends both on the phone and on the network. But since Dyn-style attacks don't use IP spoofing, it doesn't really matter.
If the number of infected devices in eastern USA is insufficient to have caused that DDoS, can one infer that the attack used an actual IP address instead of the anycast one in order to target the the eastern USA hosts irrespective of the location of the infected device ?
No. Anycast addresses are real IP addresses. There isn't a "real" address to attack. R's, John