HOW DOES AN IP SPOOFING ATTACK WORK :-
A user accesses the Internet from a local computer that has the IP address “192.168.0.5”. When an IP spoofing attack occurs, this address is hidden and the packets are sent carrying the spoofed IP address “192.168.0.6”, which is an authorized IP address. IP addresses are used to identify each computer in the network. In Internet communication, data is transferred in the form of packets, i.e., the client sends web requests to the server as data packets and the web server sends back its responses as data packets. When a client sends a packet to the server, the packet carries the IP address of the computer it is coming from. In an IP spoofing attack, this source address, which identifies the sender of the packet, is not the actual address but a bogus IP address that is permitted to access the website. This makes the server handle the request packet as if it were coming from the permitted user. Thus the server grants access to the attacker, which can cause various security threats. This is how IP spoofing works.
IP ADDRESS SPOOFING IN APPLICATION LAYER ATTACKS:
For application layer connections to be established, the host and visitor are required to engage in a process of mutual verification, known as a TCP three-way handshake. The process consists of the following exchange of synchronization (SYN) and acknowledgement (ACK) packets:
Source IP spoofing makes the third step of this process impossible, as it prevents the visitor from ever receiving the SYN-ACK reply, which is sent to the spoofed IP address.
Since all application layer attacks rely on TCP connections and the closure of the 3-way handshake loop, only network layer DDoS attacks can use spoofed addresses.
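The handshake described above can be modeled in a few lines of Python to show why a spoofed source never completes step 3 and only leaves a half-open entry on the host. This is an added example, not code from the original page; the `Host` class and `handshake` function are hypothetical, and the model is simplified (only the host's sequence number is tracked, with no timeouts or retransmissions).

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit

class Host:
    """Server side of the three-way handshake (simplified, hypothetical model)."""

    def __init__(self):
        self.half_open = {}       # claimed source IP -> sequence number sent in SYN-ACK
        self.established = set()  # sources that completed step 3

    def on_syn(self, claimed_src):
        # Step 2: the SYN-ACK is addressed to whatever source IP the SYN claimed.
        seq = secrets.randbits(32)
        self.half_open[claimed_src] = seq
        return {"to": claimed_src, "flags": "SYN-ACK", "seq": seq}

    def on_ack(self, claimed_src, ack):
        # Step 3: accepted only if the ACK echoes the SYN-ACK sequence number + 1.
        expected = self.half_open.get(claimed_src)
        if expected is None or ack != (expected + 1) % MOD:
            return False
        del self.half_open[claimed_src]
        self.established.add(claimed_src)
        return True

def handshake(host, real_ip, claimed_src):
    """One connection attempt; replies are delivered by destination IP only."""
    syn_ack = host.on_syn(claimed_src)      # step 1 (SYN) triggers step 2
    if syn_ack["to"] != real_ip:
        # The SYN-ACK went to the spoofed address, so the sender never learns
        # the sequence number and has nothing valid to acknowledge.
        return "half-open"
    ok = host.on_ack(claimed_src, (syn_ack["seq"] + 1) % MOD)
    return "established" if ok else "rejected"

if __name__ == "__main__":
    host = Host()
    # Addresses taken from the example earlier on this page.
    print("honest :", handshake(host, "192.168.0.5", "192.168.0.5"))
    print("spoofed:", handshake(host, "192.168.0.5", "192.168.0.6"))
    print("half-open entries:", list(host.half_open))
```

A growing count of half-open entries that never reach the established set is the signal a defender would watch for on the host side.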