These are spoofed packets for SYNACK reflection attacks. Your response traffic goes to the victim, and since network stacks are usually configured to retry SYNACK a few times, they also get amplification out of it.
There is a solution to that, but it requires these companies to implement source address validation. If your ISP is on the list, maybe complain about it.
pabs3|3 months ago
https://spoofer.caida.org/as_stats.php
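
Added example, not part of the thread: a server operator's check for whether their host is being used as a SYN-ACK reflector, which counts half-open connections per claimed source and computes the per-SYN packet amplification from the retry setting. It assumes the column layout of `ss -Htn state syn-recv` on Linux; the sample lines, the threshold and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `ss -Htn state syn-recv` output. Assumed columns:
# Recv-Q Send-Q Local:Port Peer:Port. Addresses are documentation ranges.
SAMPLE_SS = """\
0 0 192.0.2.10:443 198.51.100.7:40001
0 0 192.0.2.10:443 198.51.100.7:40002
0 0 192.0.2.10:443 198.51.100.7:40003
0 0 192.0.2.10:443 198.51.100.7:40004
0 0 192.0.2.10:443 198.51.100.7:40005
0 0 192.0.2.10:443 203.0.113.5:51544
0 0 [2001:db8::10]:443 [2001:db8::1]:51000
"""


def peer_ip(field):
    """Strip the port (and IPv6 brackets) from an addr:port field."""
    host, _, _port = field.rpartition(":")
    return host.strip("[]")


def half_open_by_peer(ss_output):
    """Count SYN_RECV sockets per claimed source address."""
    counts = Counter()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4:  # skip blank or truncated lines
            continue
        counts[peer_ip(cols[3])] += 1
    return counts


def suspected_victims(ss_output, threshold=4):
    """Sources with many handshakes that never complete. With spoofed SYNs
    the 'peer' is the victim, who never sends the final ACK. The threshold
    is a heuristic (assumption); tune it against normal load."""
    counts = half_open_by_peer(ss_output)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def max_synack_per_syn(synack_retries):
    """Upper bound on SYN-ACKs sent per spoofed SYN: the initial reply plus
    each retry (net.ipv4.tcp_synack_retries on Linux, default 5)."""
    return 1 + synack_retries


if __name__ == "__main__":
    print("suspected reflection targets:", suspected_victims(SAMPLE_SS))
    print("SYN-ACKs per SYN at default retries:", max_synack_per_syn(5))
```

On a live host, feed the function the real output of `ss -Htn state syn-recv`; the live value of `net.ipv4.tcp_synack_retries` sets the bound in the last function.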