An Internet protocol (IP) address is a computer’s address on the Internet. IP spoofing allows a computer user to mask his IP or make it appear different from what it actually is. IP spoofing is generally used to do one of two things; conceal the identity of the spoofed computer or make the spoofed computer appear as something other than what it is. While there are legitimate reasons to spoof your own system, in a majority of cases, IP spoofing is used to cover up illegal or unethical practices.
In order to understand what IP spoofing is and how it works, it is necessary to know a little about Internet protocol addresses. In the same way that a home address tells the exact position of a house, an IP address tells the location of a computer. Every computer has an IP, which is usually assigned to them by their Internet service provider (ISP). This IP address allows information intended for your computer to find you amidst the millions of other machines connected to the system.
Packets of information sent over the Internet contain the address of the sender and their destination address. From the IP address, it is possible to find the issuing ISP. Most ISPs assign IP addresses in location-based blocks. Every person within a certain geographical area has similar IP addresses. It is easy, therefore, to track the basic location of any IP address connected to a system.
If a person engages in IP spoofing, then the sender address in the packets is missing or altered. When the connected system attempts to find out where the information came from, they get the wrong information, or none at all. This result is similar to blocking caller identification (ID) on a telephone.
IP spoofing is generally used for one of two things—launching Internet-based attacks and gaining unauthorized access to a computer system. The most common type of attack is a denial of service (DoS) attack. In a DoS attack, the attacking computer sends as much information as possible at a target server in an attempt to overload it. The information packets sent out contain random, often unintelligible data, and the sending address is randomly generated or removed entirely.
When gaining unauthorized access to a system, the spoofer alters their address to that of a trusted computer. If two computers are designed to trust one another—for instance, computers in different governmental departments—, they don’t require passwords or security to exchange information. By making the spoofer’s computer appear to be the first department's computer through mimicking its IP address, it is easier to access the information on the other.