That IS the point. How do you know who is being attacked? How do you trust that which is inherently untrustable? "Bob said he was under attack. I know Bob. Bob told me in person. And Bob never makes mistakes." Great. You trust Bob and are now filtering any attack traffic from your network. How do you get the other 7bil people on Earth to trust Bob (or you as proxy)? Coordination of the who's and where's is a MASSIVE issue. No amount of hand waving or snapping one's fingers will cause a solution to pop into existence. Any such system would be gamable as an attack vector itself.
Plus, as I've said elsewhere, we can't get people to turn on technology that's been in the hardware for 20 years -- one command; computationally "free" as it's built into the forwarding hardware. What makes you think even 10% of the networks in the world would play ball? We have the mess we have today because everyone is free to run their network(s) however they please.
I very highly doubt that. How many "YouTube millionaires" are there? If YouTube ads are generating that kind of cash for uploaders, it's making A LOT more for YouTube. The only way they can be "breaking even" is by accounting tricks to hide money. (i.e. "buying" services from other parts of the company.)
And Bad Actors(tm) not inserting bogus hop data. At the end of the day, you cannot trust anything outside your own network. And you're suspicious of your own network.
MACs don't cross routers -- they're local, ethernet node-to-node addresses. My ISP(s) have no idea what devices I have inside my network(s). All they see is the one MAC of my router. (also, because I'm only allowed one device on the cable modem.) ISPs would have to push filters into the customer's network, which they very likely cannot control. Plus, the filters would have to be changed regularly based on data from a non-existent "DDOS reporting/coordination center". (If I'm under attack, how do I alert every ISP on the planet? How do you authenticate that report? How do you prevent hackers from using such a service to create a DDOS?)
NAT isn't the problem. STUPID PEOPLE are the problem... NAT'ing things that should be left isolated, and giving internet access to junk that doesn't even need to be connected privately. (and then there's the BS of UPnP. Sure, let's let any f'ing thing on the network make whatever holes it wants through the "firewall")
quickly becoming obsolete anyway
Not obsolete, per se, just ineffective. If you can get 100,000 devices to make 100 DNS queries per second, that's 10mil packets per second. There's little need to hide where they're coming from. Even if some of them get shut down, there are plenty more out there. Too damned many things that have no reason to be "connected" are sitting on the internet. There's zero security in their design, zero security in their setup, zero security in their use, and no g** d*** reason for them to be talking to the rest of the internet. It's even better when you look at the sheer volume of abandonware there is -- that cool networked thermostat [printer, coffee mug, etc] you bought last month? No longer the current model, and no longer supported (and never was.)
And sadly, it's just more junk no one will bother to turn on. PEIP is completely new technology that would have to be built into routers, when we can't even get people to turn on what's been built into the hardware for 20 years!
I suspect your "customers" need to find better ISPs -- i.e. stop running their business via a residential service. 200 almost identical PDF-attached emails all at once is certainly going to raise a flag. To a residential ISP, it's simply 200 all at once that triggers action. Either run your own mail server on a true business line (TWC-BC ain't it) or pay someone else to host your email, and never relay anything through the ISP server(s). That does mean having your own domain and looking like a real company instead of "email@example.com".
There are ISPs that do that. If they detect you sending SPAM (verified by a human), you get disconnected until you can prove the malware has been removed.
BCP38 is useless in these cases
Except for tracking back the infected devices. Or put another way, being able to trace back where the traffic is coming from to place filters where they would be most effective. DDOS attacks tend to be far less distributed than the name implies. Also, ultimately removing the infestation from those source networks/machines.
and in contrast to the claims of these articles, are already widely deployed.
*sigh* Except THEY. AREN'T. The last time I checked (a few years ago), none of my providers limited the source of my traffic. Earthlink, TWC, VZB, TWTC (now L3),
Actually, it adds a measurable cost. Something has to generate a password, print it on a label, burn it into the device, and then get it on the case. The biggest issue is getting the manufacturing chain re-tooled to do it. There's already a serial number doing all that, so the SN logically becomes that "random password". Given the MAC and SN are related numbers, it makes for a bad password.
And after all that work, the new owner sets a bad password. A device with complex password requirements will get returned in favor of one that doesn't preach bullshit to the user. (the more complicated you force a password to be, the LESS secure the password will actually be. How many times have I seen people use P@s5word or P@ssw0rd?)
Your TTL would have to be measured in multiple DAYS. 30min (1800s) isn't a very long attack. The sites you see with 120s TTLs either do so for load balancing, or because their admins are idiots. (or their DNS providers are idiots setting such a low default, and the admin didn't change it, assuming there's an obvious way to do so.)
Holding the CEO and other executives legally responsible for the insecurity of their networks would be a start. Of course, that'll never happen. And it wouldn't stop a damned thing in other countries. Is it really so shocking that penny pinching ISPs have shitty, insecure networks that (a) no one actively monitors, or (b) no one gives enough of a shit to do anything about when they are made aware of a problem? And those are the "good actors"! There are plenty of ISPs across the globe that simply do not care what their customers do, as long as the bill is paid. (the unending spam in your inbox should've taught you that long ago.)
The only technical means of doing anything about it would be for Cisco, Juniper, etc. to turn on uRPF permanently, with ZERO option to ever disable it. That won't stop an attack, but at least you'll know who is attacking you.
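As an added illustration (not from the comments above, and not any vendor's implementation), here is the BCP38/uRPF source-address check that the BCP38 and uRPF comments argue about, modelled in Python over a constructed three-route table: strict mode drops a packet whose source prefix routes out a different interface than the one it arrived on, loose mode only drops sources with no route at all. The interface names and prefixes are assumptions for the example.

```python
import ipaddress

# Constructed routing table for the example: prefix -> interface that routes toward it.
# Assumed topology: two customer ports and one upstream port carrying the default route.
ROUTES = {
    "192.0.2.0/24": "cust1",
    "198.51.100.0/24": "cust2",
    "0.0.0.0/0": "upstream",
}

def best_route(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_strict(src, ingress):
    """Strict uRPF (BCP38 on a customer port): the route back to src must leave
    through the interface the packet arrived on. The default route does not count."""
    match = best_route(src)
    return match is not None and match[0].prefixlen > 0 and match[1] == ingress

def urpf_loose(src):
    """Loose uRPF: any non-default route to src is enough; catches unrouted bogons only."""
    match = best_route(src)
    return match is not None and match[0].prefixlen > 0

def classify(src, ingress):
    """Verdict for one packet: accept, drop-spoofed (fails strict) or drop-bogon (fails loose)."""
    if not urpf_loose(src):
        return "drop-bogon"
    if not urpf_strict(src, ingress):
        return "drop-spoofed"
    return "accept"

# Constructed sample packets: (source address, interface it arrived on).
SAMPLE = [
    ("192.0.2.10", "cust1"),    # customer's own address: legitimate
    ("198.51.100.7", "cust1"),  # another customer's prefix arriving on cust1: spoofed
    ("203.0.113.5", "cust1"),   # only the default route matches: unroutable source
]

def filter_packets(packets=SAMPLE):
    """Apply the check to each packet; returns (src, ingress, verdict) tuples."""
    return [(src, ingress, classify(src, ingress)) for src, ingress in packets]

if __name__ == "__main__":
    for src, ingress, verdict in filter_packets():
        print(f"{src:>14} via {ingress}: {verdict}")
```

Real deployments typically run strict mode only on single-homed customer ports and loose mode on upstream or multi-homed ports, where asymmetric routing would otherwise make strict mode drop legitimate traffic.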
Actually, you've pretty much always been able to get better (newer) hardware in the Windows market, for the same dollar. Apple is invariably one to two generations behind on processors, graphics chips, and (non-"retina") displays. Of course, almost all modern displays are just f'ing TVs these days (1920x1080)