Good luck with that, taking out the 'drones' is like trying to hold the tide back. For every drone you stop, two or more replace it. To really stop this you need to locate the 'command' nodes and shut those down.
Only if you go 1:1 with it... when you tell them a DDoS is happening, the word tends to spread and they begin looking for servers. If everyone does exactly nothing about it, then nothing gets done.
The providers response tends to be hmmm.. I have a hundred thousand ip's smacking one IP here... Impacting my other business.. what to do.... Hmmm one vs thousands... Okay lets blackhole one upstream.. Other clients happy, one client unhappy.
Then there is the fact of where 99% of the traffic is coming from.
You start doing whois's and reverse lookups on things and get responses like this:
netname: CHINANET-HB
descr: CHINANET Hubei province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
netname: SPECTRA
descr: Spectra ISP Networks Private Limited
descr: 42, Okhla Industrial Estate
descr: Phase III
.in-addr.arpa. not found: 3(NXDOMAIN)
and so on...
and IF you happen to get a response on that, it will generally be a end user (cable modem or some such)
In short there isn't much that _can_ be done about it. The numbers favor the attacker.
If you have the IP what about doing a tracert to see where exactly it comes from? Though I'm guessing that may also give you roughly the same information as doing the whois and reverse lookups.