IMMO, hack backs will always be a controversial question due to the fact that one may feel in the right no neutralize an attacking system, but what if that system is mearly a zombie, and Joe Average user doesn't even know what his only-4-checking-email-computer is doing...

Soulemans solution may be the right way to deal with it, block their IP or if you're really upset then tracert them and report them to the abuse@their isp. Even if they don't know they are compromised, an email/cut-down from their ISP will definitly ring some bells.

I've read here on AO that a good nmap scan back sometimes is what it takes. If he's really trying to hack you he will know YOU KNOW, and possibly stop being such a lammer.