by 8338550bff96 596 days ago
Yeah, let's just have everyone hosting TOR nodes out themselves and their friends to local authorities...

Nice try Winnie Poo


Damn, well you definitely foiled my plan there.
So it turns out at the network service level, anonymity has never been guaranteed. If I, as another chunk of the network, can't trust your chunk, it's going to get cut from accessing me.

There has to be some ability to establish baseline trust.

Is this something that is necessarily true or true due to policy decisions or tech debt?

Honest question as someone that is definitely not a networking expert.

It's true due to the nature of what the network is.

In the abstract: if I own the infrastructure and someone uses that infrastructure to hurt someone, that someone who was hurt (or the parties who protect them) are going to come to me asking questions. If I just say "I don't know" and the law doesn't protect my willful ignorance, I'm at best enabling harm; I'm at worst socially or legally liable for negligence.

In the abstract, the systems of human governance recognize harm and seek to mitigate it.

So if I'm peered to a network using me as a bridge to do harm, I can't trust that network when the bad starts to outweigh the good. If I can't establish trust via human methods, I'm gonna cut that network off to protect myself.

(The Internet started as people who had working relationships with each other and grew out from there. Even though the web of connections is much larger and more indirect now, the whole thing is still at its core a human construct and beholden to human standards of conduct, because humans ultimately have their hands on the various plugs that are yankable).

OK, but in this specific example, what would you do in the shoes of Hetzner?

My understanding of the situation is, somebody in Network A is sending spoofed traffic to Network B. Hetzner receives abuse reports from Network B.

Should Hetzner either establish trust or cut off: Network A, Network B, or their customer?

Hetzner has or should have means to verify that their customer is not the one making port 22 requests. They are not the attacker. Network B is reporting the issue, they are also not the attacker. And Hetzner cannot identify Network A, at least not without Network B's cooperation. And even if Hetzner does identify and cut off Network A, the problem remains – Network A can still send spoofed traffic to Network B.

If they feel like it, they can reply to the abused party that they have misidentified the attacker (and why). It is up to the victim to then research further if they feel so inclined.
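One concrete way for a provider to do the check this reply describes (confirming from its own records whether the customer host actually sent the reported port 22 traffic, or whether the customer's address was spoofed elsewhere) is to correlate the complaint against flow records for that host. The following is an added example, not code from the thread or from Hetzner; the flow log, the addresses and the simplified one-line flow format are all constructed for illustration. Replies (SYN-ACK or RST) arriving at the customer host from the reporter's port 22 with no matching outbound flow are backscatter, which is what a spoofed-source attack leaves behind at the address being impersonated.

```python
"""Correlate an abuse report against the provider's own flow records for the customer host."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed flow records for the customer host 203.0.113.10 (hypothetical format:
# "timestamp src_ip:port dst_ip:port proto tcp_flags", one flow per line).
FLOW_LOG = """\
2024-05-01T12:00:01Z 203.0.113.10:44123 198.51.100.7:443 TCP S
2024-05-01T12:00:02Z 198.51.100.7:22 203.0.113.10:31337 TCP SA
2024-05-01T12:00:02Z 198.51.100.7:22 203.0.113.10:31338 TCP SA
2024-05-01T12:00:03Z 198.51.100.7:22 203.0.113.10:31339 TCP RA
2024-05-01T12:00:05Z 203.0.113.10:44124 192.0.2.55:22 TCP S
2024-05-01T12:00:05Z 192.0.2.55:22 203.0.113.10:44124 TCP SA
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    flags: str


@dataclass(frozen=True)
class AbuseReport:
    customer_ip: str   # the source address named in the complaint
    reporter_ip: str   # the complaining network's host
    dst_port: int      # the port the complaint says was targeted
    window_start: datetime
    window_end: datetime


def _endpoint(text: str):
    host, port = text.rsplit(":", 1)
    return host, int(port)


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed flow format; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, flags = line.split()
        sip, sport = _endpoint(src)
        dip, dport = _endpoint(dst)
        # 'Z' suffix is only accepted by fromisoformat from Python 3.11 on, so normalise it.
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        flows.append(Flow(when, sip, sport, dip, dport, proto, flags))
    return flows


def assess_report(flows: List[Flow], report: AbuseReport) -> Dict[str, object]:
    """Classify a complaint using only traffic seen at the customer host.

    Caveat: 'no outbound flow' is evidence only if flow export for the host is
    complete; traffic leaving by a path that is not exported would be missed.
    """
    in_window = [f for f in flows if report.window_start <= f.ts <= report.window_end]
    outbound = [f for f in in_window
                if f.src_ip == report.customer_ip
                and f.dst_ip == report.reporter_ip
                and f.dst_port == report.dst_port]
    # Replies from the reporter's service port to the customer host: backscatter if
    # the host never sent anything there itself.
    backscatter = [f for f in in_window
                   if f.src_ip == report.reporter_ip
                   and f.src_port == report.dst_port
                   and f.dst_ip == report.customer_ip
                   and ("A" in f.flags or "R" in f.flags)]
    if outbound:
        verdict = "originated_by_customer"
    elif backscatter:
        verdict = "likely_spoofed_elsewhere"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict,
            "outbound_flows": len(outbound),
            "backscatter_flows": len(backscatter)}


def demo() -> Dict[str, Dict[str, object]]:
    """Run both constructed cases: a spoofed-source complaint and a genuine one."""
    flows = parse_flows(FLOW_LOG)
    start = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    end = start + timedelta(minutes=1)
    spoofed = AbuseReport("203.0.113.10", "198.51.100.7", 22, start, end)
    genuine = AbuseReport("203.0.113.10", "192.0.2.55", 22, start, end)
    return {"spoofed": assess_report(flows, spoofed),
            "genuine": assess_report(flows, genuine)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

For the first report the host has no outbound flows to 198.51.100.7:22 in the window but received three SYN-ACK/RST replies from it, so the address was almost certainly spoofed by a third party; for the second report the outbound SYN is on record, so the customer really did send it. The verdict is only as good as the flow coverage, which is why the function returns the counts alongside it rather than a bare label.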