Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. To date, amplification attacks have mostly been carried out using the UDP protocol, since it does not require connection establishment procedures and allows IP spoofing. In contrast, the TCP protocol implements a three-way handshake in which the client and the server establish a connection and confirm they are ready to exchange traffic. If the victim receives a response from the server to a request they did not send, they simply discard this response.