While your logic is solid and I do think this would be ideal I struggle to see how this would work.
Dropping bombs on a walmart store is clearly unwelcome, sending traffic to walmart's website? Much less clear. You can guess based on the traffic pattern but the only way to really know is to ask walmart if this is welcome traffic (not just a burst because some new product came out). Especially since many cases are DoS with encrypted TLS traffic that looks much like any other traffic to an outside observer.
However much of the protection is threat of retaliation ("if you drop bombs on us we will flatten your country"). So maybe that is the solution here, the government should treat these attacks as real threats and punish those responsible.
It provides the first part of my post, authenticating the packages.
The second part is cutting out misbehaving connections. On this case on the article, it would be trivial, and governments should be on the ISP shoulders making them make call everywhere and cutting some of their clients. But there are many attacks where the ISPs don't have enough information to act if they implement something like BCP38.
Dropping bombs on a walmart store is clearly unwelcome, sending traffic to walmart's website? Much less clear. You can guess based on the traffic pattern but the only way to really know is to ask walmart if this is welcome traffic (not just a burst because some new product came out). Especially since many cases are DoS with encrypted TLS traffic that looks much like any other traffic to an outside observer.
However much of the protection is threat of retaliation ("if you drop bombs on us we will flatten your country"). So maybe that is the solution here, the government should treat these attacks as real threats and punish those responsible.