The Internet Protocol (IP) is the principal communication protocol in the Internet Protocol suite for relaying datagrams across network boundaries. This protocol also defines addressing methods (i.e. IP addresses) that are used to label the datagram with source and destination information.
An Internet Protocol address (IP address) is a numerical label (i.e. an IPv4 or IPv6 address) assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: host or network interface identification, and location addressing.
"Your IP address is your passport to the Internet. But it also gives away your location and is used to profile your individual online activity."
In IP spoofing, a hacker uses tools to modify the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. Because it occurs at the network level, there are no external signs of tampering.
The ability to spoof the addresses of packets is a core vulnerability exploited by many DDoS attacks.
Sending and receiving IP packets is a primary way in which networked computers and other devices communicate, and constitutes the basis of the modern internet.
All IP packets contain a header which precedes the body of the packet and contains important routing information, including the source address.
In a normal packet, the source IP address is the address of the sender of the packet. If the packet has been spoofed, the source address will be forged.
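As an added illustration (not code from the original article), the sketch below reads the source address out of an IPv4 header and flags sources that cannot be genuine for the interface the packet arrived on. The internal prefix 192.0.2.0/24, the function names and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct

# Assumption for this example: the prefix used by the protected network.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

def build_ipv4_header(src, dst, proto=6):
    """Construct a 20-byte IPv4 header for the sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4_header(raw):
    """Return (source, destination) from the fixed part of an IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, raw[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack("!4s4s", raw[12:20])  # bytes 12-15 source, 16-19 destination
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def source_is_implausible(raw, arrived_on_external):
    """True if the claimed source cannot be genuine on the arrival interface."""
    src, _ = parse_ipv4_header(raw)
    if src.is_loopback or src.is_multicast:
        return True                  # never a valid source on the wire
    if arrived_on_external:
        return src in INTERNAL_NET   # our own prefix cannot originate outside
    return src not in INTERNAL_NET   # internal hosts must send from internal addresses

# Constructed sample packets: (source, destination, arrived on external interface?)
SAMPLES = [
    ("198.51.100.7", "192.0.2.10", True),    # ordinary inbound packet
    ("192.0.2.55", "192.0.2.10", True),      # claims an internal source from outside
    ("127.0.0.1", "192.0.2.10", True),       # loopback source on the wire
    ("192.0.2.10", "198.51.100.7", False),   # ordinary outbound packet
    ("203.0.113.9", "198.51.100.7", False),  # internal host sending a foreign source
]

def classify_samples():
    """Return one boolean per sample: True where the source is flagged."""
    return [source_is_implausible(build_ipv4_header(s, d), ext) for s, d, ext in SAMPLES]

if __name__ == "__main__":
    for (s, d, ext), flagged in zip(SAMPLES, classify_samples()):
        side = "external" if ext else "internal"
        print(f"{s:>15} -> {d:<15} via {side}: {'FLAG' if flagged else 'ok'}")
```

A check like this only catches sources that are implausible for the arrival interface; a forged external address arriving from outside looks the same as a real one in the header.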
IP address spoofing is most frequently used in denial-of-service attacks, where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed IP addresses are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.
In this type of attack, the attacker transmits multiple packets to his intended target in order to receive a series of numbers, which are generally used to assemble packets in the order in which they are intended to be read, i.e. packet 1 is read first, then packet 2 and then packet 3. In this attack, the hacker is not aware of how transmissions take place on the network, so he needs to coax the machine into responding to his own requests so that he can analyze the sequence numbers. The attacker can then inject data into the stream of packets without having authenticated himself when the connection was first established.
In this type of attack, the cracker resides on the same subnet as his intended target, so he is aware of the sequence of the packets. The attack is therefore called non-blind spoofing.
Distributed Denial of Service (DDoS) Attack:
When a DDoS attack is launched, IP spoofing is used to hide the exact machines from which the requests are coming. This makes the DDoS attack more powerful, because it is difficult to identify the senders and block them.
Man In The Middle (MITM) Attacks
When two machines are communicating with each other, the attacker intercepts the packets sent by the systems and alters them, while the sending and receiving machines remain unaware that their communication has been tampered with.