Is it possible to detect and block TCPCopy traffic?
As TCPCopy apparently only captures and replicates arbitrary IP traffic to divert somewhere else by just rewriting address information with no application-specific encapsulation, there is obviously nothing that would make this diverted traffic identifiable or discernible from direct traffic hitting the target.