They could make the packets stand out less, but there'd still be the overlapping reply from the legitimate Baidu host, unless the attackers went full MITM.
In case anyone is confused: we're now talking about the TTL of the packets coming from hijackers, whereas I was originally talking about the TTL of the packets going towards Baidu and the hijackers. The TTL the hijackers send won't affect the tracing method I was suggesting.
In case anyone is confused: we're now talking about the TTL of the packets coming from hijackers, whereas I was originally talking about the TTL of the packets going towards Baidu and the hijackers. The TTL the hijackers send won't affect the tracing method I was suggesting.