I *could* do this ... but, remember, I want to *dynamically* do something like that - i.e. go out to my border router and add a deny entry for the offending IP.

I *could* do this upstream ... but I can do it myself (and I can post the IP to a "wall of shame"!), so I'd rather not bother the upstream ISP about this.

Good suggestion, though - if it were more than just script kiddies / rootkit kiddies, then I think I'd go your route. However, as it is, they don't seem to be well versed, so I don't *think* it's a big deal yet.