Re: So,, what's the fix? (Score 1)

That isn't entirely true, there are a few carrier grade solutions that providers can deploy within thier transport structure to mitigate DDoS attacks. These systems do not rely on "your" firewall, mostly human intelligence and the occasional premises monitor NVF. Arbor Networks comes to mind. The ISP installs scrubbers at their ENNI interfaces and at key transport interconnects. The scrubbers reroute customer traffic, clean it and then hairpin the traffic back out of the scrubbers and deliver it to the customer. Of course this does require the providers to outlay significant capital to provid this service.