Distributed Denial-of-Service (DDoS) attacks have doubled in 5 years (2018 to 2023). It also evolved over time. We see hackers using Spoofed IP addresses while launching attacks from compromised servers. Hackers adopted this tactic of using spoofed IP addresses to “cover their tracks”. Changing the IP addresses makes it appear as though the attacks come from somewhere else. This makes it more difficult to trace and block the attacks.

Failing to correctly identify the faked/spoofed IP from real IPs could make Managed Security Service Providers like Watchdog into becoming an “unwittingly collaborator of DDoS attacks”.

https://mb.com.ph/2025/1/19/ml-to-detect-spoofed-ip-addresses-a-study-in-progress