[nitinics]

You should trace the attackers by tracing back. Work with your upstream providers and mailing lists (NANOG) and publicly shame these attackers. Likely, they are spoofing addresses - validate that and make sure you let the network know where the spoofed traffic is sourcing from to follow BCP38 and BCP84, defined by RFCs 2827 and 3704.

[Nyr]

Assuming it is direct spoofed traffic and not a reflection, naming and shaming will accomplish nothing. Names of the big ISPs allowing this are not a secret.

[MichaelGG]

Transit providers do not care. They make money on it, some people are using it legitimately, and they just don't care, for the most part. It's a well known problem. It might not hurt to mention it, but they know what they're doing.