Mine seem to be IP spoofing attempts.
I know the orginal source of this odd stream was from Welchavia and other email worm IMAPI exploits.
I am clean on this site having the issue, but the traffic is incredible at times. I am denying all ICMP requests other than type 6 and 8 that is required by the SMTP mail server that I echo.
Not sure what to do about it. The traffic, all denied, can be incredibly heavy at times.