[chmike]

Bots use real address because nothing is done to track them and require the owner or OS provider to fix them. They currently have no incentive to fix the problem.

Collecting the source IP addresses of a DDOS attack is the first thing that could be done. Then progressive pressure should be put to enforce fixing the computers and get rid of the bots. OS with weak security would then feel the pain.

The day this is done, the next step will be to use forged source IP address. What would be the incentive for ISP to pay the price to filter packets ? As long as no one will be able to prove that the packet is forged, they won't do anything.