Both MAC and IP Addresses can be spoofed using different tools available to an attacker.
They might carry out a ARP poisoning attack creating a Man In The Middle so they can see all traffic going between host devices and the default gateway of the network. CAM table overflow attack is another were an attacker would send thousands of spoofed MAC addresses into a network to fill up the CAM table of a switch.
Attackers spoof IP Addresses when carrying out DDoS attacks particularly when using reflection attacks. The attacker would set the source address to the end point they want to attack so when they send a request to an open NTP server on the internet using the ‘monlist’ command (which requests the last 600 IP addresses that requested time from the NTP server) the reply will go to the end point that the attacker is targeting and not back to the attacker itself.
ISPs need to be part of the solution by deploying ingress filtering on their networks to stop attackers on their network spoofing IP addresses.