This presentation summarizes over a year of operational experience in tracking denial-of-service attacks across a large regional ISP. We present measurements and observations on attacks ranging from small floods targeting dorm-room IRC servers, to all out, well-coordinated attacks against elements of the backbone infrastructure. In collaboration with backbone operations/engineering staff, we deployed analysis and probe machines at the peering points and major customer access points in a Michigan provider's network. The measurement infrastructure combined Netflow collection with network topology statistics to identify attack ingress points and trajectories. The presentation will highlight some of the operational challenges we faced as well the successes.