Abuse reporting based on whois

[fbsd_user]

My ipfilter firewall is blocking  35 to 150 un-solicited inbound
port packets per minute coming from all over the world. I have an
dynamic IP address assigned by my ISP, so I know the senders are
scanning an whole subnet range of IP address for the ports they are
interested in.  I have to pay for this background packet noise in
bandwidth usage surcharges.  I decided to research and try to build
an process to report this abuse to the ISP's who own the source IP
address that is scanning the whole subnet ranges of IP address I
belong to.

I pieced together an perl script from many other sources that reads
the ipfilter ipmon log creating an structured file with the source
and target ip address padded with zeros to sort the source ip
address into sequence, then I read the sorted file and do an whois
lookup on the source ip address and scan the whois output for an
abuse@ domain name building an email including the log records as
evidence and send it.  This process only found abuse@ email address
for about 30% of the abusive port scan traffic being blocked.
Manually doing whois on some of the remainder, I see many different
reporting abuse email address.  I guess abuse@ is not an standard
naming convention.

An I going about this the correct way, or is there some other way I
should be doing this?
Is whois ip addr the only way to find the owner of the ip address
block?

Do any of the readers of this list have an perl script that does
something like what I an trying to do, that they would share, or
exchange in return for receiving an copy of mine?

I have been down the www.dshield.comm path already and they do
nothing to report all the port targeted packet traffic.

Any comments sure would be helpful.

Thanks