I just bought a small box with two Ethernet ports for under $150 US that I plan to run something like pfSense or similar on. I'll supplement an HDD and RAM scavenged from a retired laptop to complete the H/W package. The initial rationale was to block DNS requests to any but my preferred provider to defeat the DNS hijacking attacks. Perhaps there would be a way to detect unusual traffic patterns and block them to thwart other sorts of attacks. Better yet, I could restrict outbound connections from my devices to their intended destinations.
I don't know how feasible this is and it is certainly beyond the capabilities of the average user. I wonder if something like this could be produced commercially. Or if the functionality could be added to consumer level routers. I suppose the problem is if consumers are not directly affected by it they are not motivated to pay for it.
I'm just a little more paranoid than most. I don't think I can outrun the bear but I think I can stay ahead of most of the crowd.