IP address spoofing

The use of packets with a false source IP address is not always evidence of malicious intent.

It lets the load balancer spray incoming traffic without needing to be in the return path from the servers to the client.

It is also recommended to design network protocols and services so that they do not rely on the source IP address for authentication.

For example, Transmission Control Protocol (TCP) uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection.

Since the attacker normally cannot see any reply packets, the sequence number must be guessed in order to hijack the connection.

The poor implementation in many older operating systems and network devices, however, means that TCP sequence numbers can be predicted.
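The difference between a predictable and a hardened initial sequence number (ISN) generator, as an added example that is not part of the original article: a fixed-step counter beside the RFC 6528 construction ISN = M + F(localip, localport, remoteip, remoteport, secretkey), plus a check to run over ISNs collected from a stack you are auditing. HMAC-SHA256 as F, the 64000 step, the addresses, the key and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF
SECRET = b"constructed-demo-key"   # constructed; a real stack uses a random boot-time secret

def legacy_isn(base, conn_index, step=64000):
    """Weak: global counter bumped by a fixed step per connection (step is illustrative)."""
    return (base + conn_index * step) & MASK32

def rfc6528_isn(secret, clock_us, laddr, lport, raddr, rport):
    """RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secretkey)."""
    m = (clock_us // 4) & MASK32                      # M: 4-microsecond timer
    four_tuple = (ipaddress.ip_address(laddr).packed + struct.pack("!H", lport) +
                  ipaddress.ip_address(raddr).packed + struct.pack("!H", rport))
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    f = int.from_bytes(digest[:4], "big")             # F: keyed hash (HMAC-SHA256 assumed here)
    return (m + f) & MASK32

def constant_delta(isns):
    """Audit check: True when successive ISNs differ by one fixed amount."""
    deltas = {(b - a) & MASK32 for a, b in zip(isns, isns[1:])}
    return len(deltas) == 1

# Constructed samples: five connections opened 1 ms apart from client ports 40000..40004.
LEGACY_SAMPLES = [legacy_isn(1, n) for n in range(5)]
HARDENED_SAMPLES = [
    rfc6528_isn(SECRET, 1_000_000 + n * 1000, "192.0.2.10", 80, "198.51.100.7", 40000 + n)
    for n in range(5)
]

if __name__ == "__main__":
    print("legacy predictable:  ", constant_delta(LEGACY_SAMPLES))
    print("rfc6528 predictable: ", constant_delta(HARDENED_SAMPLES))
```

A constant delta is only the crudest signal of a weak generator; passing this check does not show that an ISN source is unpredictable.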

Falsified headers are used to mislead the recipient, or network applications, as to the origin of a message.

This is a common technique of spammers and sporgers, who wish to conceal the origin of their messages to avoid being tracked.

Example scenario of IP address spoofing