uRPF (unicast reverse path forwarding) is a network-layer defensive control, one of the anti-spoofing mechanisms a thorough DDoS test helps validate at the edge. When a packet arrives, uRPF checks whether the router has a route back to the source address out of the interface the packet came in on. In strict mode it drops packets that fail the check, discarding traffic with forged source IPs before it propagates.
Why it matters in DDoS testing
Source-IP spoofing is the foundation of reflection and amplification attacks: the attacker forges the victim address so responses flood the target. uRPF, alongside BCP 38 ingress filtering, removes that capability at the provider edge. Testing confirms whether anti-spoofing is actually enforced rather than assumed, because a single mode misconfiguration reopens the door. The reflection and amplification classes uRPF blunts are covered in Understanding DDoS Attack Vectors.