Catching Port Scanners, or preventing port scans

Does anyone know of a way to catch a person who is "port scanning" or "port sweeping" me?

I have Norton AntiVirus, and it blocks the port scans, and gives me the IP address, but I can't seem to find a way to link this to anyone...

Any suggestions?

iMac 24" 2GB RAM, Early 2008 Model, Mac OS X (10.5.4)

Posted on Sep 25, 2008 11:19 PM


Sep 25, 2008 11:47 PM in response to Sed_P

You can do a whois lookup of the IP and complain to the registered Internet provider, but that may or may not do any good depending on whether the packets are "spoofed" or not. The best defense is invisibility, using a stealth firewall. What they can't find, they won't bother. My machine is parked behind 2 hardware firewalls (one on my router and one on my DSL modem). A port scan fired at my IP address yields nothing, no answer at all on any port.

Kj

Sep 26, 2008 12:41 AM in response to Sed_P

It enrages me and I want to find them...and hack them, with something other than a computer...


Move on.

For one, you're not going to stop it. It's a fact of life online and there are far more systems out there doing it than you have time to track (unless you're really, really bored).

Secondly, even if the addresses aren't spoofed you'll find one of two situations in 99.9% of all scans:
Either the source is in some remote country like Romania or China who doesn't give two hoots about your IP, or the source is some poor schmuck whose Windows machine has been hacked and he's part of a botnet or other setup where the real culprit is far removed.
In the former case you're wasting your time. In the latter you're targeting the wrong person and you have no chance of finding the real source.

So consider it noise and live with it. Your life will be much happier.

Sep 26, 2008 12:53 AM in response to Sed_P

Yeah I know, it used to irritate me too, but since I added the modem firewall, nothing makes it back to my computer anymore. I discovered the advantage of running two in series hardware firewalls by accident. My DSL modem fried and the phone company gave me another one that came with a firewall. After several hours of tinkering I discovered that if I hooked up my IP phone to the first firewall (modem) and the computer to the router firewall, everything was stealthed including the Netgear Skype phone. Before, with just one firewall I always had some ports open that I couldn't stealth, but with two firewalls there was no problem, even with a virtual server running! I used to get scanned a lot, maybe I still am, but I can't detect them any more unless I drop the firewall or hook up to the DMZ.

Kj

Sep 26, 2008 1:38 AM in response to Camelot

You're right, Camelot:
Most of those scans are originating from Windows zombie machines and script kiddies operating behind international hacked servers. A few years ago I had a live one that kept flooding my machine with packets. It took me a couple of weeks of tailing him (he was spoofing packets) and a lot of log analyzing, and using trace, nmap and any other useful tools I could get my hands on, but I finally figured out his true IP. Using nmap I figured out most likely he was on a Solaris machine, and he was in a nearby state. He had three ports open (I don't remember which ones), so I cut loose an assault on him with nmap on a Windows box. I must have shook him up, because within 30 minutes he closed those three ports (or shut down his machine) and all heavy scan activity from that IP address range ceased on my end, never to return.

Still the best offense is a good defense.
Kj
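
Added example, not part of any post in this thread: a small log check that separates a port sweep (one source touching many different ports in a short time) from ordinary repeated noise, which is the kind of log analysis the replies mention. The log format, the function name `find_scanners`, the thresholds and the sample lines are all assumptions constructed for illustration; they are not Norton's or any real firewall's output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example (not Norton's or any
# real firewall's): "<ISO time> DENY TCP src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(\S+) DENY (?:TCP|UDP) src=(\S+) dst=\S+ dport=(\d+)$")

def find_scanners(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return {src_ip: max distinct denied ports seen inside any window}
    for sources that reach min_ports; other sources are omitted."""
    events = defaultdict(list)            # src -> [(time, port), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines we cannot parse
        ts, src, port = m.groups()
        events[src].append((datetime.fromisoformat(ts), int(port)))

    flagged = {}
    for src, hits in events.items():
        hits.sort()
        best, start = 0, 0
        counts = defaultdict(int)         # port -> occurrences in window
        for when, port in hits:
            counts[port] += 1
            # Slide the window start forward past events that are too old.
            while when - hits[start][0] > window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_ports:
            flagged[src] = best
    return flagged

# Constructed sample: one source sweeping 12 ports in 12 seconds, and one
# source retrying a single port (ordinary noise, not a sweep).
SAMPLE = [f"2008-09-25T23:10:{i:02d} DENY TCP src=203.0.113.7 "
          f"dst=192.0.2.10 dport={20 + i}" for i in range(12)]
SAMPLE += [f"2008-09-25T23:11:{i:02d} DENY TCP src=198.51.100.4 "
           f"dst=192.0.2.10 dport=445" for i in range(12)]

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE).items():
        print(f"{src}: {ports} distinct ports within 60s")
```

A flagged address only says where the packets claim to come from; as the replies point out, it may be spoofed or belong to a compromised machine, so the result is best used for firewall tuning or an abuse report to the provider found via whois.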
