The odds that you'd even be fighting back against the true attacker are vanishingly small. These guys always have access to compromised systems, which they use to launch attacks. You're never going to see a connection from their "real" IP.
At best you'd drop one of their bots. And maybe alert its owner that it was compromised. Of course then he'd have your IP as the one that knocked him down.
Feh ... I'm going to go work on something less depressing.
PS: Thanks for the hard work, Mike.