In computer networking, IP spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, in order to hide the identity of the sender or to get passed By another computer system. One technique that a sender can use to maintain anonymity is to use a proxy server.
The basic protocol for sending data over the Internet and many other computer networks is the Internet Protocol (IP). The protocol specifies that each IP packet must have a header that contains, among other things, the IP address of the sender of the packet. The source IP address is normally the address to which the packet was sent, but the sender's address in the header may be altered so that the recipient appears to be coming from another source. The protocol requires that the receiving computer return a response to the source address, so that impersonation is mainly used when the sender can anticipate the network response or does not care about the response.
IP spoofing with the use of a trusted IP address can be used by network intruders to overcome network security measures such as IP address based authentication. This type of attack is most effective when there are trust relationships between machines. For example, in some corporate networks, it is common for internal systems to trust each other, so that users can log in without a username or password, as long as they are connected from another machine on the internal network. By forging a connection from a trusted machine, an attacker on the same network can access the target machine without authentication.
IP spoofing is most often used in denial of service attacks, where the goal is to flood the target with an overwhelming volume of traffic, and the attacker does not mind receiving responses to the attack packets. Packets with counterfeit IP addresses are more difficult to filter, as each fake packet seems to come from a different address, and conceal the true source of the attack. Denial-of-service attacks using spoofing typically randomly choose addresses across the entire IP address space, although more sophisticated sophisticated mechanisms could prevent unlinked addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial-of-service attacks, but attackers often have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that they depend on Of IP address validity in attack packets could have problems with fake packets. Backscatter, a technique used to observe Internet denial-of-service attack activity, is based on the use of IP spoofing by attackers for their effectiveness.