Firewall Wizards mailing list archives

Spoofed source IP in scans (decoys) - what to do?


From: "Niloc" <niloc () softimage com>
Date: Fri, 26 Nov 1999 11:01:03 -0500

Hi,

I have had quite a few scans occurring on a host lately and the scanning
method includes the use of "decoys" (in nmap) or spoofed source IP addresses.

Of course my problem is that I don't want to blindly deny traffic from
all the source IP addresses that appear to be scanning me since I might
block legitimate traffic from them.

I am wondering what my alternatives are? What would be a good method
to find out which IP is really scanning me?

Thanks for your help.

Niloc.


