Yes, you block by IP and piss off customers or the whole /64 if necessary. IPs will almost always be sticky to the advertised prefix.
A TCP SYN, or any UDP initial request, is indistinguishable from legit traffic of the same protocol at L3/L4, and both can be spoofed, so I don't know where you got the idea that they can't be spoofed and are L7 only.
If you're "stopping the attack" through dispersion, you're not actually stopping it, you're just paying the price of absorbing it. I know this is common practice, but it's pathetic that an arms race is the state of the art in defense. It concentrates power into orgs like Cloudflare, Akamai, and Google (Project Shield) because the only way to participate is to use them.