It depends, some attacks rely on spoofing source address.. This should not be possible and is easily detectable by ISPs as illegitimate traffic. As far as my other suggestion, it would be a user accessible API. Whomever controls an IP should be able to instruct their ISP what is/isn't legit traffic, so the ISP does not have to know anything.