A friend of mine at cloudatcost was being attacked by lots of servers at colt.net
What i did was get the ip addresses of the attacking servers
sent email to colt which they responded:
"We will notify the client" < In french
So i phoned colt up that it was taking down 80% of the pipe
The guy on the phone said to me: we cannot stop our customers from doing what they want, it is upto them what they are doing with there services, they are paying us, we cant help you if you give us the ip address of the client.
It would be very irresponsible for Colt to do this with no viable framework for verification.
First they would need proof that you are responsible for the IP space, secondly it would need to verified that those IPs are indeed attacking you, Ive seen some numpty interpretations of netstat and other tools before that are just plain wrong/stupid.
Imagine a great scenario, small business uses a local ISP, that small businesses uses a small SaaS say something like a crm, or zoho office, etc.. you call up small ISP and tell them you have a text file (proving the attack - wow a text file, or an png/jpeg/gif - wow an image, they can't be mocked can they?) making out like you are the owner of such and need it stopped, ISP acts on that and hey presto you've caused a great little situation for the small business you hate.
There isnt a universal framework in place for handling such at the moment hence most email to abuse/noc desks regarding DOS traffic flows are ignored, emails (uce/spam) are easier to trace but even those are sometimes met with silence.
You have to face the reality of the situation and dont expect the originating network to handle it (even though I see how unfair this is).