Distributed denial-of-service (DDoS) attacks are nowadays easy and cheap to carry out, and have become bigger and more frequent over the last years. Cloud-based scrubbers have emerged as a service which victims can hire on demand to fend off attacks. There are many industry players, but not much insights into their operations. This work unravels for the first time the inner workings of a DDoS scrubber - NaWas- a non-profit scrubber in the Netherlands. We analyze 1800+ DDoS attacks spanning over a period of 22 months, and show that while most attacks are not very large, they are still large enough to disrupt services and likely to disturb links. We estimate the collateral damage incurred by DDoS attacks, and demonstrate that the number of victims of is at least quadratically larger (IP²) than the targeted addresses. Last, by correlating attacks metadata with authoritative DNS traffic, we show that DDoS attacks leave fingerprints on DNS traffic, which, in turn can be used to detect DDoS attacks at early stages, even if attackers attempt to deceive DNS based detection.