Using the following scenario, an attacker sends a specially crafted packet to the web server (200.1.1.1). Within the IP header of the specially crafted packet, it has a source IP address of 203.155.182.1, which belongs to the potential victim machine and not the real IP address of the attacker. When the web server receives the packet and has to respond, it sees the sender's IP address is 203.155.182.1 and sends its response to the victim machine instead of the attacker:

Attackers primarily use IP spoofing as a technique to bypass any filters, access lists, or even security appliances that act as countermeasures for spoofing attacks. The goal is to find a way into a network by tricking the system into believing it's a legit packet.

In this method, the attacker creates IP packets with a fake source IP address to hide the identity of the sender. Attackers use IP spoofing to overcome security measures, such as authentication-based IP networks. Attackers use randomly chosen IP address and spoof the original IP address to perform the DoS attack.

When two computers communicate, information about the IP address is placed on the source field of the packet. In an IP spoofing attack, the source IP address in the packet is not the original IP address of the source computer. By modifying the source IP address, the original sender can make the victim machine think the message originated from another source and therefore the sending machine or the attacker will be protected from being tracked.

Various options where IP spoofing can be used:

• Scanning
• Hijacking an online session
• Flooding