In this type of scan you can instruct Nmap to spoof packets from other hosts.In the firewall logs it will be not only our IP address but also and the IP addresses of the decoys so it will be much harder to determine from which system the scan started.

There are two options that you can use in this type of scan:

1. nmap -D RND:10 [target] (Generates a random number of decoys)

2. nmap -D decoy1,decoy2,decoy3 etc. (Manually specify the IP addresses of the decoys)