Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: js1138
It is dependent on many variables, unfortunately.
Distributed attacks cannot be defeated; only your service provider can null route all the traffic destined for the target address, and this action makes your server(s) unavailable for anyone to access. If you have multiple servers running on different addresses on the same circuit, this can at least save those devices. Unfortunate as it is, this is the way it works. In a distributed attack, thousands of infected machines can attack a target simultaneously, and a good part of these machines are in other countries that could really care less. Even if they did, mopping up the mess can take weeks... there are just too many of them.

And sure, a cheap firewall can "block" incoming packets from entering your inside network, but it cannot stop the incoming traffic to its own external interface; therefore, your line is "soaked", leaving no room for legitimate traffic, i.e., "Denial of Service". Cutting off entire source streams is not an option because you have many paying customers that would also go offline due to your actions, and they don't appreciate that at all. This would only multiply the damage caused by the attacker(s) and this is what he wants.
There is absolutely nothing you can do to stop it except wait for the attacker to get bored and quit.
If the source of the attack is limited to one or just a few dozen source addresses, then yes, an ISP(s) can halt the attack fairly easily.
15 posted on 04/29/2006 9:35:24 AM PDT by FunkyZero


To: FunkyZero

I think IPs could stop attacks. Once the signature of an attack is known, IPs could shut down the individual connections and require their customers to purge their machines before reconnecting. This would require an industry-wide agreement, but more difficult things have been done.

The email server blacklists are an indicator of what can be done. It would not be technically difficult.


16 posted on 04/29/2006 1:14:29 PM PDT by js1138 (somewhere, some time ago, something happened, but whatever it was, wasn't evolution)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson