I use Linux, but I get a lot of stuff that looks like attempts to attack Windows machines. Once in a while I take a few minutes and send Windows Messaging service messages to these people. Samba and the smb tools bring along all of the stuff you need to do it.
You’ve got to open ports 135 and 139 (and probably at least one other) on your firewall so that you can send packets out of them. Then you need to find the NETBIOS name that matches the IP address of your “attacker.” Once you have that, you can send them a nice little text message that says “Some one has hacked your machine, and it is attacking mine. Please update your AV software and install a firewall.”
I can do this safely on my machine because I don’t have the Samba services running.
Do NOT do this from a Windows machine. When you open the ports to get in contact with your “attacker,” you also open yourself up to having files read from your machine through the Windows sharing stuff.
In about half of the cases, I’ve been able to get the NETBIOS name and send a message to the “attacker.” Those are the truly clueless ones. They have no firewall, still have the Windows Messaging Service running, and have no AV software. A sadder bunch of PC users you will never see.