Old School (Score 1)

Spoofed IP addresses work on Raw Sockets at the IP level. So they will bypass most firewalls, routers transparent pf'in bridges etc... or can be used for smurf attacks where your IP routes incomming traffic to a pre-defined ip for say denial of service attacks. Arp runs on IP level so man in the middle attacks (overwrite arp cache) may be possible. Read Wright/Stevens it is pretty scary. PCB Raw IP not good. for DNS i'm going back to Hosts file block all udp non http tcp.