Good idea but the trouble is that often you pay for outbound traffic, so sending GBs of rubbish out may come costly.

Better approach may be holding the attacker connection open and trickle feed it just enough for it to not time out.

Look up Linux iptables TARPIT module for one such way.