>>/22076/
That's actually a pretty good honeypot.  I hope that's the case.  Then you monitor comms to find out who hired the ddos, or who is in charge of the ddos.