Notice: this page is a side-by-side Chinese and English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original question: http://stackoverflow.com/questions/12736872/

Time: 2020-08-25 04:07:10  Source: igfitidea

Can someone spoof an IP address to any number?

php ip-address

Asked by saml

An IP address helps Facebook and Google to determine whether someone trying to access your account is in fact you. I've seen proxies able to "spoof" the IP address, but that wouldn't change it to the correct one for access to that account. If someone knew my IP address and password to one of my accounts, would it be possible for someone to spoof their IP address to match mine? Is IP address security like this really safe and would it be good to incorporate it into my php scripts?

Answered by saml

You can't really spoof an IP effectively because if you do, http responses will go to that IP rather than yours. As such, it'd probably not be the best use of your time. (They can be fake, but they can't receive the intended data.)

By "receive the intended data", I mean that if someone at 127.0.9.63 tries to send a login request to Google, and spoofs their IP to be 123.53.53.234, then Google will send the response to 123.53.53.234, not 127.0.9.63. That means that the would-be hacker at 127.0.9.63 never actually receives any data pertaining to your account.

This is a risk (but probably not to you) - it's a well-established way of conducting DDoS (Distributed Denial of Service) attacks. Have a look at this article if you're curious.

Answered by drew010

The first thing to know is that if someone knows your IP and tries to spoof it, they cannot receive any responses since the response would be sent to your IP. So logging into a website with a spoofed IP is generally not possible.

Also worth knowing is that any ISPs now are able to prevent IP spoofing by filtering out requests originating from their network which come from IP addresses not part of their network.

The spoofer project has a lot of useful information on the subject, including ISPs from which you can and cannot spoof.

Answered by usumoio

IP security is not safe at all. It is super easy for anyone to find your IP and then spoof it to be you. Checking that a person is the right person based on IP is not a strong form of security, but it does help a little. I would suggest using a cookie on the client machine in question such that a unique key is stored on that machine that would have to match one stored in the DB of your server. That would be much safer.
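
The cookie-plus-database check suggested in this answer, sketched in PHP as an added example (it is not part of the original answer). The `device_tokens` table, the `device_token` cookie and the function names are assumptions, and the demo uses an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);
// Added example; table, cookie and function names are hypothetical.

function issueDeviceToken(PDO $db, int $userId, int $ttl = 2592000): string {
    $token = bin2hex(random_bytes(32)); // 256-bit key from the CSPRNG
    // Store only a hash, so a leaked table does not yield usable cookies.
    $stmt = $db->prepare(
        'INSERT INTO device_tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Call during a web request, before any output (options array needs PHP 7.3+).
function sendDeviceCookie(string $token, int $ttl = 2592000): void {
    setcookie('device_token', $token, [
        'expires' => time() + $ttl, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

function isKnownDevice(PDO $db, int $userId, ?string $cookie): bool {
    // Reject missing or malformed values before touching the database.
    if ($cookie === null || !preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return false;
    }
    $stmt = $db->prepare(
        'SELECT token_hash FROM device_tokens WHERE user_id = ? AND expires_at > ?'
    );
    $stmt->execute([$userId, time()]);
    $candidate = hash('sha256', $cookie);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $stored) {
        if (hash_equals($stored, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Demo with an in-memory SQLite database and constructed user ids.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE device_tokens (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
$token = issueDeviceToken($db, 42);
var_dump(isKnownDevice($db, 42, $token));               // same device, same user
var_dump(isKnownDevice($db, 42, str_repeat('0', 64)));  // guessed key
var_dump(isKnownDevice($db, 7, $token));                // key bound to another user
```

In a real login flow `isKnownDevice()` would be called with `$_COOKIE['device_token'] ?? null` after the password check, and `sendDeviceCookie()` once the device has been confirmed.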

Answered by Ben D

An IP address can be entirely faked, but cannot receive any packets in response. So if they knew your IP address they could not use it to pretend to be you. However, I think you're mistaken that Google and Facebook use a specific IP address to determine who you are. They may use geolocation to guess plausibility, but they generally use cookies to recognize your machine when you're coming back.

Answered by Mamsaac

IP Spoofing across different routers and across IPS's is not possible.

You can very easily do IP Spoofing within a WLAN, particularly easily if you're doing a MITM attack and using tools like ettercap filters. But going outside of the WLAN? Nope. Routers know what IPs are within each area and if an IP that is invalid in an area claims to come from it, it will kill the packet.

Answered by Dan

Yes, IP addresses can be faked, sort of. You can't receive any data back from requests made with a faked IP. I wouldn't say that method is "that safe", but it's just another layer of security to reduce the possibility of a problem. The more layers, the more work it is for a hacker to deal with. Nothing is 100% secure.
