How can a hacker buy 25,000 IP addresses?
I worked for a larger tech company on the login / authentication platform and saw hackers cycle through 10,000+ IPs. How does a hacker acquire access to tens of thousands of IP addresses? Is it possible to fake an IP address?
So one does not need to own an IP address to run mischevious stuff from it. You could spin up a scan from a cloud instance pretty trivially, and distributed botnets/random script kiddies are a thing as well. There is also nothing keeping one from coming into possession of a large chunk of IP addresses except the financial barriers and organizational policy in the case of IPv4.
It should make one blanch the amount of energy that gets expended on wasteful attempts to brute force network address spaces, but it's just a reality of the Internet.
It's pretty common to see bots scanning the internet for misconfigured proxies that can then be openly abused to distribute traffic.
Additionally there are a number of readily available services where one can rent IPV4 and IPV6 proxies (For example see https://proxyall.com/pricing.php)
I think if you are tracking or getting the IP address from a UDP packet, hacker can fake it. But if it is TCP, they cannot fake it since TCP handshake need to communicate back and forth with origin of the connection which in this case is the hacker.
IP address are cheap these days with IPv6 available. Are those IPv4 or IPv6?
Botnets, cheap cloud/hosting, BGP hijacking, etc.
Are they consecutive? Can it be a botnet?