engineering --> ddos and flooding

Filters have a non-zero impact on cpu overhead. Where they end up in the
forwarding path could negatively affect your upstream or other routers in a
fashion that's significantly worse than the attack on you affects them...

The potential for someone at isp B to do engineering on the way that
traffic from isp A's customers flows to isp B on isp A's routers ought to
be fairly disturbing to most folks. Normally that's something that both
parties have to agree on first.