The real cause of large DDoS - IP Spoofing

Large DDoS attacks are possible on the modern internet due to IP spoofing, a technique where an attacker sends IP packets with a fake source IP address. These attacks can be divided into direct and amplification types. Direct attacks involve sending traffic directly against a victim IP, while amplification attacks involve sending traffic to vulnerable UDP servers that reflect and amplify it by sending large responses to the unknowing victim. Both types of attack require IP spoofing. Effective filtering preventing IP spoofing can only be done on the edge of the network - at the last-mile ISPs. The internet community has recognized this issue and written down BCP38, which outlines how source IP filtering can prevent IP spoofing.