The scale, diversity, and magnitude of recent DDoS attacks have knocked enterprises back on their heels. The question at hand is whether self-regulation will improve or if regulatory intervention is inevitable. The attacks exploit UDP-based services (DNS, chargen, and now NTP) They exploit the absence of anti-spoofing measures by ISPs or private networks, and they exploit the “open” operation of these services, taking advantage of open DNS resolvers, publicly accessible network time servers, and services that should be configured to respond to clients within specific administrative domains.”]
Source: https://www.darkreading.com/attacks-breaches/ddos-attack-is-regulation-the-answer-