Most hackers are smart enough not to directly use their own machines to hack, especially not for e.g. port scanning. They do the dirty work from already hacked machines, sometimes a chain of multiple systems. So a traceroute usually doesn't really tell you much, other than that some grandma somewhere with cable access e.g. in the US didn't do a Windows Update, or some Linux hobbyist didn't update or secure their box. Also many scans are trojans or viruses automatically looking for other vulnerable boxes to infect.
I opened up an empty /c SMB share (SMB = "Windows Sharing" for Linux) on a Linux box some months ago just to see what would happen to it. Many viruses on infected systems out there would copied themselves to the share, e.g. into /c/windows etc, all day long. But I never saw a single human try to access the system.
I also see at least several hits a day in my Apache logs, if I have it open, pretty much all seem to be automated scans from trojan-infected systems.
I opened up an empty /c SMB share (SMB = "Windows Sharing" for Linux) on a Linux box some months ago just to see what would happen to it. Many viruses on infected systems out there would copied themselves to the share, e.g. into /c/windows etc, all day long. But I never saw a single human try to access the system.
I also see at least several hits a day in my Apache logs, if I have it open, pretty much all seem to be automated scans from trojan-infected systems.