a) find a cooperative receiver of the spoofed packets
b) log/mirror packets on inbound packets at their border routers to determine which peer the packets are coming from
c) ask that peer to do the same thing etc.
You can speed things up if the destination address of the spoofed packets is in a /24 that you can afford to do disruptive experiments with; and you have a wide network with extensive peering. In that case, advertise that /24 at all your locations and to all your peers. When you get traffic, if it's from a single source, you may only need to work with one peer to find the true origin.
The article here is basically PR from the Tor project. I suspect most reader here would find this relatively high-level technical analysis of the attack more interesting: