The next layer of the TCP/IP stack is the Internet layer.
The Internet layer is used primarily for addressing hosts and for routing. It does not provide any means for error correction or flow control. The IP layer uses best-effort services to deliver IP datagrams .
TCP/IP Internet layer
IP Layer Attacks
The open architecture of the IP layer makes it an easy target for hackers. Every IP datagram is an individual piece of
information traveling from one host to another. The hosts compile the received IP datagrams into a usable form. Because so
many protocols are in operation at once, it is easy to defeat the proper function of any one protocol.
Hackers will often use a technique called IP spoofing, which is the process of replacing the source IP address with a false IP address. Because TCP/IP's open architecture has no built-in authentication, one host or machine can spoof another's identity. Source-routed IP datagrams, created to travel only a specific path, are used to circumvent security measures such as firewalls.
Another type of IP spoofing is known as a Smurf attack. A Smurf attack sends out a series of pings to a large number of remote hosts. All the remote computers respond to the ping and reply to a targeted IP address instead of to the attacker's true IP address. The target IP address is then inundated with Internet Control Message Protocol (ICMP) packets and can no longer function properly.
The ICMP is used to communicate errors or other conditions at the IP layer. For example, when a host is pinged to determine if it is operational, a ICMP message is generated.
Click the link below to read more about attacks on the Internet control message protocol. Internet Control Message Protocol TCP/IP Definitions
Smurf attacks are an example of a denial-of-service attack. Many companies now filter ICMP traffic at their firewalls.
The WinNuke  refers to a remote denial-of-service attack (DoS) that affected the Microsoft Windows 95, Microsoft Windows NT and Microsoft Windows 3.1x computer operating systems. The exploit sent a string of OOB (out of band) data to the target computer on TCP port 139 (NetBIOS), causing it to lock up and display a Blue Screen of Death.
This did not damage or change the data on the computer's hard disk, but any unsaved data would be lost.
Denial-of-service:An attempt by attackers to prevent legitimate users of a service from using that service by flooding a network, or by disrupting connections or services.
Winnuke: A program that exploits the Windows TCP/IP stack causing Windows machines running an older version of the TCP/IP protocol stack to either crash or lock up.