Why is it not possible to fake an IP address?

ip tcp

I know it's possible to change an IP address using a proxy, but I'm interested in why is it not possible to change it by sending changed data from a single computer?

Update:

Thanks for quick replies, but it's not clear, what would happen, should a stateless protocol be used, like HTTP. I'm not familiar with lower-level network communication, but it seems that theoretically it should be possible to faken IP address if a PC connects to the server and receives the reply immediately.


Solution 1:

It is fully possible to send data with a fake sender IP. You'll have a hard time getting replies though, since the replies will be sent to the fake IP and never reach you. Additionally, if you send data with a "from" IP that a router doesn't expect to arrive from you, the router will often simply drop it, and sometimes inform the ISP that you're up to something that violates your TOS.

EDIT: In response to edited post.

Any protocol (such as HTTP) that is built on top of a connection-oriented protocol (TCP) will require a valid IP. The cases where fake IPs have been prevalent mostly involve Denial Of Service attacks, using UDP, ICMP or the initial SYN packet in a TCP handshake.

Solution 2:

You can use any IP address you want for sending, but replies will go to the IP address you used, so you cannot establish two-way communication this way.

Solution 3:

(* Its an old question and the answers are okay, just one addition)
its called IP spoofing, firewalls are working hard to detect and block it and network-bridges might get confused by it (for a while)
http://en.wikipedia.org/wiki/IP_address_spoofing

Solution 4:

If you try to send a packet by changing the source ip addres you can send it to someone else but if you want a packet to return to your pc you must use something like a NAT

If you are behind a router on your network you are in essence changing hiding your own identity

Example: you : 192.168.1.4 insiderouter: 192.168.1.1 external-ip: 8.8.8.8 destination-ip: 8.8.4.4

Sending a packet: from: 192.168.1.4 (you) to 8.8.4.4 (dest) router transelates to : from: 8.8.8.8 (external-ip) to 8.8.4.4 (dest) and keeps your ip in his memory

than the packet arives at his destination.

Now the destination sends a packet back from: 8.8.4.4 (dest) to 8.8.8.8 (external-ip) router transelates to (whith using its memory) from: 8.8.4.4 (dest) to 192.168.1.4 (you)

and now the packet returns to your pc

as you can see the destination doesnt know your ip but only knows the ip of the router

this is a way you can acclompisch a way to hide your ip

Related

How to get all the keys (only keys) from dictionary object without going through for each loop
Ant unable to find javac, JAVA_HOME won't set on Ubuntu
Compile CoffeeScript on Save?
How to center a text using PDFBox
javascript push multidimensional array
Rails join a list of strings with commas and "and" before the last
Sourcetree constantly asks for authenticate with Mercurial (Kiln)?
Eclipse: change name of existing package with classes inside
Spring Beans - how to wire null as a constructor arg?
How to set up ADB for remote machine development and local device deployment
set very low values to zero in numpy
Ant if else condition?