said by astirusty 
:If the filtering were done, I think it would allow a lot of attacks like the recent DDoS here at DSLR to be quickly minimized. . . .
I may be wrong, but (based on my understanding of what has just transpired here) that requires a very different kind of filtering, . . . and one with far higher overhead. Filtering on source IP wouldn't have much impact; they were apparently valid, not spoofed, IP addresses. Nor would filtering on destination port (TCP 80, I believe in this instance). That would effectively cut off everyone on that netblock (infected or clean) from being able to browse the web!
Poor (dumb) wording on my part. I really meant "filtering" here to encompass the entire concept of egress/ingress filtering / logging at the ISPs connection to the outside world and the users to their ISP, and the idea of the ISPs cooperating together. Additionally the partial automation of tracking down the sources of the scans/attacks and terminating their connections.
·
