Can you determine if this is probing or more of a DoS attack, where the attacker tries to open up tons of dud connections or get the server stuck in a localhost loop? With a spoofed IP connection like this, that's not meant to be returned to the sender, it's pretty hard to do any tracing; you could report the traffic to your ISP and that's about it. With an advanced spoof, where they use redirects and whatnot so that the traffic does return to them (indirectly), you have something to work with. Most spoofed attacks, though, are by brainless skiddies who don't understand that if they use some spoofing software to hide their IP address, the target has no way of responding, thus making their probes worthless.



