Ummm... I might be missing something here... but, tracing to the original destination address, as indicated in the payload, the source address (of the "attack") comes back with a dest_unreachable... indicating that the route goes through your "attacking" host and that you/it can't get to the ports on the server in-question... (mail.nexusds.com)

Code:
traceroute to 205.233.93.249 (205.233.93.249), 30 hops max, 40 byte packets
[...]
 8  64.125.30.158  84.689 ms  80.973 ms  82.536 ms
 9  64.125.12.38  82.477 ms  81.985 ms  84.070 ms
10  206.108.103.121  83.577 ms  82.821 ms  83.219 ms
11  206.108.103.113  91.802 ms  93.423 ms  93.983 ms
12  64.230.242.102  92.680 ms  94.281 ms  94.056 ms
13  64.230.229.10  93.024 ms  92.928 ms  92.665 ms
14  64.230.219.238  94.574 ms !X *  94.844 ms !X
Yeah, ICMP dest unreachables could be used by a malicious source to map your network, but... in this case I think (qc.sympatico.ca) might be doing it's job and saying you "can't reach that host on those ports," etc. Do you have something from that host that's trying to connect? Perhaps something trying to "phone home" or the like?

Ever hear of Nexus Data Systems? Perhaps they did a web page or form for you and it's sending mail or data back to them or something...???

Bah... teach me to reply and not read to the end of a thread... yeah, ident would do it. One of the reasons you should always reject/refuse (as compared to drop) identd... thanks to MS for not following yet another standard.