Are you completely sure that a user at your work is not using bit-torrent, or seeding torrent files? I am not really sure how someone could post a "fake" torrent with someone elses ip... When you upload or seed a file, you have to be active to seed it. If your connection drops before the seed is complete, the file becomes a worthless torrent without a complete seed. No one would bother to try and download an incomplete torrent, and it would have to come from the originating host. No host, no torrent.

I would sniff the traffic and see if an internal ip on your LAN is attempting to use bit-torrent, or other P2P networks. You may have traffic going out from a user, but then your wall is blocking the incoming requests. Find the user and slap his wrists =)