Dyn says that the DDoS attack that swamped its DNS resolution service last week was backed by far fewer internet of things (IoT) devices than it thought before.Previously it said it was hit by traffic from tens of millions of IP addresses, some of which were likely spoofed, making the actual number of bots involved far fewer. \u201cWe are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints,\u201d the company says in a status update.The attacks, which knocked out access to some high-profile Web sites, threw as many packets at Dyn\u2019s infrastructure as it could and the company responded with its own mitigation actions as well as cooperation from upstream internet providers who blocked some of the attack flow. \u201cThese techniques included traffic-shaping incoming traffic, rebalancing of that traffic by manipulation of [DNS querying] anycast policies, application of internal filtering and deployment of scrubbing services,\u201d the company says.Despite these efforts, Dyn says it still suffered waves of packets 40 to 50 times higher than normal traffic, so it doesn\u2019t have direct knowledge of the full volume of the attack. \u201cThere have been some reports of a magnitude in the 1.2 Tbps range; at this time we are unable to verify that claim,\u201d writes Scott Hilton, the company\u2019s executive vice president of product.Since the DNS servers were flooded by request, many of them went unanswered before the time interval allotted to answer them expired. So the querying machines \u2013 both legitimate and bot \u2013 did retries, generating even more traffic and compounding the effect of the attack, the company says.[ RELATED: How to approach keeping your IoT devices safe ]\u201cIt appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be,\u201d the posting says.While the effects of the attacks were felt publicly less than 24 hours, probing attacks against Dyn continued for days afterward but were handled by the company without significant impact on services.There are certain aspects of the attack the company won\u2019t talk about. \u201cDyn is collaborating in an ongoing criminal investigation of the attack and will not speculate regarding the motivation or the identity of the attackers,\u201d Hilton says.As has already been confirmed by researchers at other service providers, the main source of the attack was a Mirai botnet. The malware that gathers Mirai bots has been used over the past month to create what is believed to be the largest volume DDoS on record, something over 1Tbps.Because the source code for Mirai has been posted publicly, this type if attack is likely to continue for the foreseeable future, experts say, with no clear path to stemming the threat.Dyn says it is working with other infrastructure providers to figure out effective mitigation strategies so attacks like the ones it suffered last week can be brought under control more quickly and with less impact on end users just trying to use the internet.