A number of the DDoSes from China are involuntary induced by DNS Poisoning. When users query a block dns name, they may receive an IP other than the website they want to visit. It may used to redirect traffic to make DDoS without those 'drones' even know about they're involved. Just like for a week long, whenever I try to access Facebook, I got redirected to some german IP, and receive a TLS CN mismatch error.