a:  You send an IP packet with someone else's IP as source IP. For example, if some server holds a list with administrator IPs (that being the only protection), you could IP-spoof an administrator (assuming you know their IP) and do some stuff. However, in the most basic form you don't get the reply, because it's directed at the spoofed IP address.

    You don't need to do anything special. Just send the packet. That does mean you need access to a somewhat lower level (you would need root rights). It would also be good to know the IP of the machine you want to pretend to be.

b:  Both protocols have a checksum in the header that won't be valid any more after modifying the source IP address

c:  The handshake:

    Mallory             Alice               Bob
    SYN-SENT    --->    LISTEN                          # the SYN, supposed to flood Alice
                        SYN-RECEIVED  --->  ESTABLISHED # Alice SYN-ACKs the SYN to Bob
                        ESTABLISHED   <---  ESTABLISHED # Bob could, depending on the implementation, ACK the SYN-ACK, establishing a connection

    If the latter happens, the connection doesn't remain in the SYN queue, and as a result the SYN queue will never flood.

d:  Mallory             Alice                           Gateway
    SYN-SENT    --->    LISTEN
                        SYN-RECEIVED  --find Ursula-->  FIND-URSULA
                        LISTEN        <--unreachable--  NOT-FOUND

    Alice will make an attempt to reach Ursula through a gateway using ICMP. The gateway however cannot find Ursula, and will respond with a `Destination Unreachable' ICMP message. Alice will then no longer expect to get her SYN-ACK to Ursula ACKed, so she will remove the connection from the SYN queue. Again, the SYN queue will never flood.

e: