Spoofing is an impersonation (imitation) of a user, device or client on the Internet. It’s often used during a cyberattack to disguise the source of attack traffic.
How IP Spoofing works
To start, a bit of background on the internet. The data transmitted over the internet is first broken into multiple packets, and those packets are transmitted independently and reassembled at the end. Each packet has an IP (Internet Protocol) header that contains information about the packet, including the source IP address and the destination IP address.
In IP spoofing, a hacker uses tools to modify the source IP address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. Because this occurs at the network level, there are no external signs of tampering.
This type of attack is common in Denial-of-Service (DoS) attacks, which can overwhelm computer networks with traffic. In a DoS attack, hackers use spoofed IP addresses to overwhelm computer servers with packets of data, shutting them down. Geographically dispersed botnets – networks of compromised computers – are often used to send the packets. Each botnet potentially contains tens of thousands of computers capable of spoofing multiple source IP addresses. As a result, the automated attack is difficult to trace.
A variation on this approach uses thousands of computers to send messages with the same spoofed source IP address to a huge number of recipients. The receiving machines automatically transmit an acknowledgment to the spoofed IP address and flood the targeted server.
References
https://en.wikipedia.org/wiki/IP_address_spoofing
https://searchsecurity.techtarget.com/definition/IP-spoofing
https://usa.kaspersky.com/resource-center/threats/ip-spoofing
https://blog.cloudflare.com/the-root-cause-of-large-ddos-ip-spoofing/