spoofed syn flooding

[brspengler () SALISBURYMD ORG (Brad Spengler)]

hello.  recently one of my machines here was attacked by spoofed syn flooding.  the host was
attacked on port 143 (imap)..however i wasn't running that service.  i have contacted
abuse () bellatlantic net, who owns the internet connection of the host on my network.  i sent
them logs of the attack and of the cpu utilization of the system during the attack.  i was
wondering what other information i should have/use and what sort of action i can take against
this? i know that the isp can trace the packets through routers back to the attacker, however is
there any legal or other action that can be taken? any help at all would be greatly appreciated.