Null route the ip being attacked, not the ip attacking. Of course this assumes you have a network consisting of more than a single ip.
Anyway this is basically the best way to handle a DoS. Otherwise you basically need to have the bandwidth/resources to endure the attack. Many providers will allow either a remote-triggered black hole session to their BGP router or allow a burst rate above your committed bandwidth if the interface allows for it.
This is the simplest way to handle a DDoS, not the best. Well, might be best from the provider's point of view. The best solution is to scrub the attack and let legitimate traffic pass through, but they decided to pay $400 instead of $6000.
@OP: a simple Google search gives you quite a few options on solving this problem. Just input "ddos protection" and hit Enter. You'll find that there are a lot of companies providing the exact service that you need, for less or more money than Rackspace, with "instant" setup. I used quotes since it takes a while until the new DNS entries will propagate, but you DO have options. Since you got scammed once, there's a good chance they'll try it again, so I suggest you try to be prepared for the next time.