The garbage traffic came from about a hundred thousand
infected servers, most noticeably, in LeaseWeb B.V.,
Hetzner Online AG, PlusServer AG, NFOrce Entertainment
BV, Amazon and Comcast networks. That said, the attack
was distributed evenly across thousands of hosts and none
contributed more than 5% of the total volume.
I used to host a lot with Hetzner, and while quite expensive, they mostly responded to these kinds of things very quickly and with a certain level of technical competence (which definitely cannot be said of every hoster). Also, I'm quite surprised to not see OVH in there, as their network has a kind of "reputation" for these things...
Fighting back would‘ve been a little easier, if the abuse
departments in most of the mentioned companies didn’t
process requests 9-5, Mon-Fri only. (Hours more befitting
a scuba-diving shop in Vatican.)
Business as usual I would say...although I don't scuba-dive...
Edit: formatting