Distributed Denial of Service attacks (DDoS) are a major threat to the Internet and detecting this kind of attacks as far as possible from the victim and close as possible to its source is a real challenge. We propose a new framework named FireCollaborator to deal with this problem on the Internet Service Provider (ISP) level, based on collaborating Intrusion Prevention Systems (IPS). A potential victim asks and pays the ISP to be protected. The key point is to use compressed metrics (i.e., frequency and entropy) based on the routing rules in order to extract suspected flows. The information and alerts are shared amongst the IPSs to enhance their believes about the network status and thus to counter the attacks far away from the victim and to save the network resources.