I have no comment on 9, but 10 is fairly valid. Spoofed IP addresses are basically blind attacks. The return packet is sent to the spoofed IP address. DDOS is usually the only use for a spoofed IP. Which is unethical, unusefull and more importantly a waste of good bandwidth. And who wants to waste bandwidth?