Sorry your experience has been different, this is definitely one of those YMMV kinds of deals. That is a significant attack by most anyone's standards. Getting to the right security team usually ends up being the challenge. Once there however we have found many providers do a great job of dealing with attacks quickly. Use of BGP triggered blackholes can be a great help and going to the NOC/Abuse team with lots of good information from the start helps you get to the people that can pull the attack of quickly. You have to remember that, like all of us, larger service providers have their share of low clue factor customers. The quicker you can help them realize that you have a fairly high clue factor the quicker you'll get to folks on their side with a high clue factor. During times of outages, attacks, etc. it is easy to get agitated quickly and that often times doesn't help you get through the first couple of barrier noc techs.
Okay, making this an operational issue. Say you are attacked. Say it isn't even a botnet. Say a new worm is out and you are getting traffic from 19 different class A's. Who do you call? What do you block? How can a noc team here help? "Please block any outgoing connections from your network to ours on port 25? Please?" I tried this once.. it doesn't help. I ended up blackholing an entire country just to mitigate it a bit, for a few hours. Any practical suggestions? Gadi.