the paternalistic "just remove the temptation" approach is offensive because it makes the starting assumption that the other people on the net are out to rip you off. it also makes the assumption that you'd rather they try and fail than that they try and get kicked out of an IXP. it's true that third party BGP is often the wrong solution, but it is sometimes the right solution, too. pointing default at someone is not unlike sending spam, in that both are theft of service. i know that in the case of spam we try where possible to make it useless to inject spam, but that our strongest weapon has always been and will always be cancelling accounts, UDP'ing whole domain names, and blackholing network blocks. a bad person ought not be presented with "if i do this it may not work" but rather "if i do this i will be wiped off the face of the 'net." port filtering makes all the wrong assumptions and solves none of the underlying problems. it is, however, easier than doing the right thing.