I think that firewalls should automatically report all unauthorized attempted entries to a central database with date, time and port number. After a while, there would be a trail of where these twerps are coming from. ISPs could be alerted that their systems are being abused and with date, time and port numbers a lot of the twerps could be pinpointed. There are some attempts now to store data on spammers.
It would bust the training wheels off of the less tricky hackers.
There is a firewall software for Macs that sends reports back to ISPs that unauthorized port scans are coming from, that's a good start.