If an attacker successfully installed a backdoor that connects to his computer via a reverse shell, how can the attacker hide his IP address?
I'd guess he can't use Tor or a VPN, because packet forwarding would be quite impossible (is that correct?). Maybe he can use a different bought or hacked server as a proxy? How would he achieve that?
How can the attacker stay anonymous?