IP spoofing
Attack tree
1 Non-blind spoofing attack (OR)
1.1 Gain local network access to a segment (AND)
1.2 Sniff sequence numbers
2 Blind spoofing attack
2.1 Calculate sequence numbers
Notes
In an IP spoofing attack an external or internal adversary pretends to be using a trusted device by using the address of that device. This can be either an IP address within a range of trusted internal addresses for a network or an authorised external address that is trusted and allowed access to specified network resources. Spoofing an address might enable data to be sent through a router interface with filtering based on that address.
IP address spoofing is used to mask botnet device locations in DDoS attacks and to stage DrDoS attacks.
IP spoofing can also be used to bypass IP address-based authentication.