Spoofing IP addresses is wildly more difficult than this, and implausible in the BitTorrent scenario.
* There are no mainstream TCP stacks that have the vulnerability you're alluding to (poorly randomized sequence numbers).
* Even during the Mitnick/Shimomura days, the attack only got you the transmit side, not the receive side; it was sufficient to push an RSH command, but not to dump a file.
* There are network-level controls that make this attack more difficult; for instance, ISPs increasingly do reverse path filtering to ensure they're only egressing traffic from their own ISP space (we'd watch this happen while monitoring DDoS attacks at Arbor, seeing "randomized" source addresses constrained to prefixes from specific ASNs).
There is still IP spoofing, but it's got dollar signs attached to it, significant enough to merit BGP tampering.
When laypersons claim to be victims of spoofing, they are overwhelmingly likely to be full of it.
I couldn't possibly be less interested in the politics of BitTorrent and labels ("Movie theater employees caught sneaking into shows without tickets --- FILM AT 11") and admit to reading this thread only out of masochism, but my nerd brain can't get past 'jrockway talking about IP spoofing; if it was anyone else, sure, but 'jrockway should know what he's talking about here. :)
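The reverse path filtering point in the comment above, as an added example that is not part of the original post: a source-address check on egress, run over constructed packets, showing why forged sources that survive the filter stay inside the ISP's own prefixes. The prefixes, packets and function names are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed address space (RFC 5737 documentation ranges) standing in for one ISP.
ISP_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed outbound packets as (source, destination); comments give the ground truth.
SAMPLE_PACKETS = [
    ("192.0.2.10", "203.0.113.50"),      # genuine customer address
    ("203.0.113.7", "203.0.113.50"),     # forged, outside the ISP's space
    ("198.51.100.200", "203.0.113.50"),  # forged, but inside the ISP's space
    ("10.1.2.3", "203.0.113.50"),        # forged, private range
    ("not-an-ip", "203.0.113.50"),       # malformed source field
]

def matching_prefix(src, prefixes=ISP_PREFIXES):
    """Return the ISP prefix that contains src, or None (also None if src is malformed)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return None
    return next((net for net in prefixes if addr in net), None)

def filter_egress(packets, prefixes=ISP_PREFIXES):
    """Split packets into (forwarded, dropped) by whether the source is the ISP's own."""
    forwarded, dropped = [], []
    for src, dst in packets:
        target = forwarded if matching_prefix(src, prefixes) is not None else dropped
        target.append((src, dst))
    return forwarded, dropped

def sources_seen_downstream(packets, prefixes=ISP_PREFIXES):
    """Count surviving packets per source prefix, as a downstream monitor would see them."""
    forwarded, _ = filter_egress(packets, prefixes)
    return Counter(str(matching_prefix(src, prefixes)) for src, _ in forwarded)

if __name__ == "__main__":
    forwarded, dropped = filter_egress(SAMPLE_PACKETS)
    print("forwarded:", forwarded)
    print("dropped:  ", dropped)
    print("downstream view:", dict(sources_seen_downstream(SAMPLE_PACKETS)))
```

The forged packet with an in-prefix source still passes, which is why the filter narrows where spoofed traffic can appear to come from rather than eliminating it.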
Usually for any torrent case, just being on the tracker is not enough for conviction; they have to record the user sending copyrighted data to the investigator.
In many cases the term "spoofed" is probably used loosely to mean "they stole our wifi". I understand that that's not what the press release claimed, but such excuses still benefit filesharers because all of the industry's lawsuits heretofore have been based on matching IP address to registered ISP user and holding that user accountable for the activity that occurred on their network. Making this excuse, then, only seems to serve the little people that are next on their "to sue" list.