So, these DDOS attacks take advantage of IoT devices so how would you tell the difference using vetting when they are on the same networks as regular users?
I would just ban the ips for 24hrs if I detect an IP that is part of a ddos. After that people will wise up and unplug their nanycam/toaster/iotwhatever
You're assuming that people will know or be able to guess what is compromised. Assuming multiple IOT devices the average user won't have any clue, and will think they just need to run antivirus on their Windows box.
Prune at the link level. Connect to people you trust to do so using a special community (or really, physical infra). It is ok if bank A to bank B communications get protected in a way which eliminates Bank A and Bank B connectivity to even 20% of legitimate end users in emergencies.
