Reflection/amplification vectors, wherein a device or service on the internet is tricked into sending large responses to a spoofed source IP address, are the most common form of new DDoS attack vectors (despite them becoming less effective). This kind of attack often takes the form of UDP-based service with no authentication, which sends large replies when a specific spoofed trigger packet is received. Some TCP services also can be used for this purpose; however, this is less common because doing so usually requires a three-way, non-spoofed handshake before responding.