So we spoof the source IP on the SYN and just send it.

The source IP is also there, always there.

He wants to know about DDoS and spoofing the source IP.

And another four bytes is for the source IP, the IP address that it came from.

It doesn't care anything about the source IP.

Oh, and the source IP of the knocking packets.

Therefore, the security of a web site can be improved by verifying that the source IP is consistent throughout a session.

The source IP is the IP to which you send the return traffic.

In these denial of service attacks, the source IP is being randomized on purpose so that you really don't know if it's legitimate or not.

And you can't use the source IP.