Why can't everyone else then block the customer? Get the big 5 tech companies to block IPs that are shown to do DDoS, for say a 24hr period, and you will see how quickly they unplug that IoT toaster.
Speaking as not-me, the average, non-technical homeowner who just installed his new internet connected washing machine at home.
Great, now I can throw in a load and get a notice on my phone when it's done. This is awesome! (3 hours later) Wait, why can't I get to the internet? I call my ISP, they tell me that my connection is fine (it's tech support, they aren't security experts). But, I tell them, Google doesn't work for me. They do some tests, everything should work. I bitch, moan, cry a little, rage quit my ISP and sign up with someone new. It works for a few days until my washing machine (having been offline for a bit) gets exploited again.
I still don't have a clue as to why I'm being blocked from Google and company. Maybe they kick back a message as a 4xx (what would be appropriate?) that says my network has been hacked. But I've seen those sorts of things all the time in ads, I know that's just someone trying to scam me, convince me to run something that'll install a virus on my computer.
Must be my computer! Damn Dell piece of shit. I can't afford a new one. Maybe that neighbor kid can come over again and help me out with this.
($200 and several trips for the neighbor kid later it's still not solved)
As you said, some sort of message would have to be the way. A 4xx probably won't cut it but something like the messages Google shows you when asking for a captcha is fine.
My point is that there will be a cost, and that taking action against vendors won't be enough (esp. if they are in a different country, are no longer in business, etc.).
Not very quickly? First, you wouldn't know why you were disconnected. You would try the standard things first (plug and unplug your router, etc). Then maybe after a while you would call your ISP. Get put on hold a bunch. Your ISP tech support probably won't know much either, since in your scenario it isn't the ISP doing the blocking. They MIGHT test the connection, or maybe they just give the customer a new IP address.
It is going to take quite a while in this scenario for the user to realize it is their IoT toaster that is causing the issue.