Editing IP address spoofing (section)

==Applications==
IP address spoofing involving the use of a trusted IP address can be used by network intruders to overcome network security measures, such as [[authentication]] based on IP addresses. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network – which would require them already being logged in. By spoofing a connection from a trusted machine, an attacker on the same network may be able to access the target machine without authentication.

IP address spoofing is most frequently used in [[denial-of-service attack]]s,<ref name=":0">{{Cite journal |last1=Veeraraghavan |first1=Prakash |last2=Hanna |first2=Dalal |last3=Pardede |first3=Eric |date=2020-09-14 |title=NAT++: An Efficient Micro-NAT Architecture for Solving IP-Spoofing Attacks in a Corporate Network |journal=Electronics |language=en |volume=9 |issue=9 |pages=1510 |doi=10.3390/electronics9091510 |issn=2079-9292|doi-access=free }}</ref> where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed IP addresses are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid non-routable addresses or unused portions of the IP address space. The proliferation of large [[botnet]]s makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets.

In DDoS attacks, the attacker may decide to spoof the IP source address to randomly generated addresses, so the victim machine cannot distinguish between the spoofed packets and legitimate packets. The replies would then be sent to random addresses that do not end up anywhere in particular. Such packages-to-nowhere are called the [[Denial-of-service attack#Backscatter|backscatter]], and there are [[network telescope]]s monitoring backscatter to measure the statistical intensity of DDoS attacks on the internet over time.<ref>{{Cite web |title=GRIN – Today's Impact on Communication System by IP Spoofing and Its Detection and Prevention |url= https://www.grin.com/document/190620|access-date=2020-07-21|website=www.grin.com|language=en}}</ref>