In order to answer the question well, I think I'm going to need a little more info. Most importantly, what port are they scanning you on?

For example, is it 1214? I constantly see people trying to connect to 1214 on my firewall. That's because every day, more and more people are trying out the kazaa filesharing software. And their machines are constantly searching for other kazaa machines to communicate with. It doesn't really qualify a scan, it just means that whoever coded kazaa made it very active in searching for computers to talk to.

Another example is port 113. A lot of times when you connect to an FTP server, the server is configured to connect back to your machine to try to figure out who you are. This is left over from the good old days of the internet when no one really paid attention to security and everyone trusted everyone.

These are just two examples... if you're not comfortable telling everyone what port you're being scanned on, you can always go to a place like www.snort.org and use their online port database tool to find out more about what they are scanning.

With a little more detail, I could give you a more definitive answer, but if it is indeed a scan, then the other answers you're already received are a great start at tracking your attacker.