Looking through my router logs:
20:23:52 23 Aug IDS scan parser : tcp port scan: 184.108.40.206 scanned at least 10 ports at x.y.z.a. (1 of 1) : 220.127.116.11 x.y.z.a 0040 TCP 80->64876 [..AR..] seq 105673427 ack 753172620 win 0
tng@withnail:~$ host 18.104.22.168
22.214.171.124.in-addr.arpa domain name pointer channel30.01.05.sf2p.facebook.com.
A rogue app "tag photos" that one of my friends had installed might well have been the culprit. I got a mail saying I was tagged and of course refused the app install. The app was later reporting that it had been banned by facebook admins. Still, someone @facebook.com ran a port scan on my system.
Be careful out there.