BipBop wrote:
Even though the source ip is different, all the packets are originating from the same mac address and are targeted towards some common ports like 22, 135, 8080 etc.
That's the MAC address of the router between the Internet and you. MAC addresses are only used to identify entities within the same local area network (in the Linode architecture, a /24 subnet). Anything beyond there will (hopefully) have the MAC address of a router.
(Edit: Also, there is no "someone" or "the scanning user"; there's probably hundreds of thousands, if not millions, of computers out there which are doing this continuously in an attempt to bring your computer into their collective. Anthropomorphizing this activity into that of "some guy" is not a good way to think about it.)
_________________
Code:
/* TODO: need to add signature to posts */