Couldn't they use something like cloudflare to have the IP point to local servers?
Then the traffic is split on location, with each edge server taking only local requests. That should greatly reduce the incoming traffic, at which point they can try to filter out the 'bad'.
Indeed you would not be able to. CloudFlare only does HTTP/HTTPS right now. Technically since Nginx can also support SMTP they should be able to do that as well but it's not implemented currently. Basically if you want to protect SSH it would have to be a provider that does layer-level protection like Prolexic.
Well, cloud flare can certainly forward (or not forward, in the case of bad) ssh traffic. But they would need to dedicate an IP to your account, or provide you with a port number to use.