As ever, it is very difficult to make an "Active response" defence system that doesn't create potential DoS attacks itself. Ultimately you need a human with their finger on the trigger otherwise your potential for "friendly fire" is high.

It only takes someone to work out what type of traffic triggers it, then spoof it from legit sites, and bingo! DoS