You could presumably log some such packets in iptables -- but that assumes you actually receive duplicate packets. If NSA owns a router between you and the target for spoofing, there's no reason that router need to relay the "correct" packet. I know a lot of the text on these attacks states something along the lines of "replies before the legitimate packet arrives" -- I'm just not certain it's that simple in practice.
edit2: Perhaps a logging dns resolver (to track "strange" ip changes) coupled with an iptables rule that uses contrack and logs INVALID packets is a start?
Basically, is there any way to know that you are being targeted?