Circumventing inbound traffic rule by faking reply traffic

My question is about security groups/firewalls and protecting a virtual private cloud from the external world. Here is a description of VPC default policy for inbound/outbound traffic (on AWS):

Each security group by default contains an outbound rule that allows access to any IP address. It’s important to note that when an instance sends traffic out, the security group will allow reply traffic to reach the instance, regardless of what inbound rules are configured.

I was wondering if there exists an attack vector where a malicious user tries to circumvent the VPC’s inbound policy (i.e. block all traffic) by tricking it into thinking that the incoming traffic is a “reply” traffic? Does such attack have a name in the literature?

I can also think of a scenario where a target machine T (within a VPC) sends a request to some valid server V, but the malicious user M sends a malicious response to T (tricking it into believing that it comes from V) before T receives the actual response from V, thence circumventing T‘s inbound traffic policy.

Player’s Circumventing the limitations of Wish

So I know that Wish is meant to be a really powerful spell, but some of my players from my group (I am the DM) seem to have spent some time into getting around the limitations of Wish. Now, I know that in order for no adverse (other than a mishap) you must replicate a spell of 8th level or lower, with anything else becoming a probability for you to never cast a wish spell again. You could wish for a magical weapon but that would be likely to transport you someplace where the weapon currently resides. I know that the Wish, if making something, must remain within three hundred cubic feet, or you could completely heal 20 creatures, or any number of weird stuff. Some of my players spent a large amount of time trying to create some wishes so that I cannot twist nor corrupt their wish. Now, I also know that they cannot just wish for something like 45 points of Dexterity, but they are legitimate wishes. One of them ran along the lines of “I wish for the immediate and complete obliteration of all (insert monster here, in this case it was the Tarrasque) in this plane of existence with absolutely no adverse side effects whatsoever.

How would a DM handle such a wish? Furthermore, if players are putting that much time into such a wish, would that even be considered abusing that power? I realize that they might never cast that spell again due to the 33% chance of never being able to cast it again, but I honestly believe telling them that their spell fails is an absolute last resort. I would prefer if the answers came from experience and not conjuncture.