How to stop the zombies
Most, if not all DDOS attacks come from Zombies, that were almost always compromised due to the PC owner's system being unsecure, or the user doing stupid things like opening attachments from people they don't know, not having a firewall or a filtering proxy, and not scanning for viruses.
My proposal: create an international treaty, whereby all zombie IP addresses captured in a DDOS attack can be traced back to accounts at ISP's or corporates, and the owner of the PC in question either pays a nominal fine (about the same as a small speeding fine) or gets their IP blocked from Internet access for a week or two. Most of the proceeds of the fine should go to the affected parties to compensate them for loss of business.
It is almost impossible to block a DDOS at the destination network, at least not without bogging down the equipment. We need stop it as close as possible to the source.
Making users liable for incidents involving their machines will give them a definite incentive to use and maintain them properly, or get someone else to do so if they are unable.