I'm getting increasingly pissed off by these simple-minded wankers port-scanning my connection for the Netbus server, somedays I get "sniffed" over 30 times an hour.

Norton's nearly always tells me the offending IP address is very similar to my own, usually only the last 3 digits differ. When I check it with a trace & ping it always shows a "live" connection, with the domain being the same ISP as my own.

While I like to think I am annoying them back by setting up wsftp to ping them with 10,000 packets, I'm not sure I'm annoying the actual asshole who was scanning me.

Is it possible these sad fucks are first finding an IP close to my own that is a "live" connection, then spoofing it so the wrong IP is blamed for the port scan?

get yourself port scanner and scan his ip. most often you get some webserver - either running proxy, or maybe compromised, or whatever. It's not easy to find the actual offender. Lot of times it's just false alarm.
Even if your Norton resolves his ip as something like adsl.texas.net still no way to know it's his ip, could be just his provider router

What I do when people are probing my 139 i hit them back with a trace and a scan of their 139.

Goes like this:

Open MS-Dos

type: nbtstat -a IP