Nice idea, but your method has some drawbacks you should take into account.

If you block the attacker at the same time you send the RST you gained no additional security. So why bother?

If you don't block at the same time then the attacker can find out exactly which packet caused your sniffer to react and either change his code until your sniffer doesn't react anymore or just ignore any RST packages coming from your webserver

If you don't block and an attacker wants to try out lots of attacks on your web server, the RST package might speed up his attacks since he doesn't have to wait for a time out