I think there are several issues.

Can you prevent them passively, with appropriate firewall rules? Or do they have multiple accounts, etc?

Will their ISP take action?

Are you sure you've got the right person, and not a proxy or 'spoofed' packet flood?


I think that if all else fails, what choice do you have, other than staying offline? I would try in this order:
[list=1][*]Do your best to determine who it is, what kind of attack, etc. Bear in mind that you might not always be correct, given the use of proxies and attacks staged from shell accounts, etc.
[*]Report it to the ISP.
[*]Attempt to use the right firewall rules to prevent anything from that address or address range, if possible.
[*]If the ISP shuts them down, case closed. If they get a new ISP, start from the beginning of this list.
[*]If the ISP isn't doing anything, and the situation has not improved, after, say, a week or two... If the problem is very serious notify law enforcement. It doesn't matter if they do anything, so long as they know in advance that you've got a problem. Get them to put it in writing if they won't go after the guy. (For reasons like 'small fish in a big sea' or 'we don't have the resources').
[*]Keep records of both your complaint to law enforcement and to the ISP, and keep plenty of firewall logs. Get a second opinion about if you've got the right guy. If nothing improves, and you're still being attacked and can't defend well, then go on the offensive.[/list=1]
The reason I say to keep all these records, is that it is POSSIBLE (though not likely) that someone will take offense at your vigilante actions. Keep those records so that you can prove you tried every other reasonable attempt, and so that you can prove you had no choice but to act in digital self-defense.

And that's what I think of as the best policy if you're a home user and don't want to get on the wrong side of the law more than you need to.