Directory security

I am running a web-site using IIS 5.1 and am being subjected to what looks
like a very primitive attempt at a denial of service attack. The hacker
apparently has a script which keeps sending GET / (folder name) (with the
name of a folder on my website substituted for (folder name)). He is doing
this in sequence from five different IP addresses. All it gets him is a 403
and it uses very little bandwidth so it really doesnt keep anybody from
accessing my site. It does clutter up my log file, however. I notice under
Directory Security there is a category "IP address and domain name
restrictions" which, unfortunately, is greyed out in IIS 5.1. Is there any
way I can get this feature or do I have to buy IIS 6.0 to get it? I am on a
network with an Actiontec gateway (DSL) which doesn't permit me to filter
requests from specific IP addresses. Basically, I would like to stop this
guy further upstream to keep him out of my hair. I did contact my ISP and
Qwest, but no luck. His addresses are all Qwest addresses. Thanks.