[lqdc13]

This is not an easy problem.

You need a lot of data and a lot of current regularly updated information about websites being attacked or current known CnC servers. Also, there is a privacy aspect, so you can't send a lot of the data or even hashes of things to the cloud.

Such solutions might be more appropriate for workplaces in large companies and they already have things like SRX firewalls that have DDoS features.

[ikeboy]

How about a simple list of devices and a way to limit bandwidth per device, with sensible defaults (very few IOT devices will need more than 100k/s, the main exception is video cameras). It can allow "burst" bandwidth but limit, say, the total used per six hours.

Disclaimer: this is off the top of my head, there may be reasons it would fail.