IP spoofing is a technique woven through many DDoS attack vectors, the forging of a packet's source address, and validating a defense against it is part of a thorough DDoS test. Because UDP is connectionless and requires no handshake, an attacker can stamp any source IP onto a packet. That single capability underpins reflection and amplification attacks (the reply is delivered to the spoofed victim) and lets floods evade source-based blocking.
Why it matters in DDoS testing
Spoofing changes what a defense can even see. Per-IP rate limits and reputation feeds are useless when every packet carries a different forged source, and blocklists chase addresses that were never real. The structural countermeasure is ingress filtering (BCP 38) and uRPF at the network edge, which drop packets whose source could not legitimately arrive on that interface. A test characterizes whether those controls are actually deployed upstream or merely assumed.
For how spoofing-resistant resilience is measured, see DDoS Resilience Testing.