HOW DOES IP SPOOFING ATTACK WORKS :-

IP ADDRESS SPOOFING IN APPLICATION LAYER ATTACKS:
For application layer connections to be established, the host and visitor are required to engage in a process of mutual verification, known as a TCP three-way handshake.The process consists of the following exchange of synchronization (SYN) and acknowledgement (ACK) packets :
Source IP spoofing makes the third step of this process impossible, as it prohibits the visitor from ever receiving the SYN-ACK reply, which is sent to the spoofed IP address.
Since all application layer attacks rely on TCP connections and the closure of the 3-way handshake loop, only network layer DDoS attacks can use spoofed addresses.