This is still predicated on correctly identifying "bad behaviour". Given distributed attacks and botnets (often utilising residental / "dial-up" equipment, whether desktops, routers, or IoT (the "S" stands for "security") kit), identifying specific network spaces as hostile still posits a great deal of collateral damage / false positive error.

Mind, I'm strongly in favour of what you're advocating, in theory. And I'm well aware that failing to accomplish this will make the Web far less useful for everyone. But the fundamental challenge remains difficult.