What is IP spoofing?

One day last week, I went into work and saw an e-mail from the engineer, forwarded from the central computer network administrator. It said there was unusually high activity in our subnet, specifically coming from the IP address of my computer, which violated company network usage policy. It lasted only 15 minutes, but during those 15 minutes I wasn’t in the building and my computer was turned off.

I’m not in any trouble, because both the engineer in question and the company IT guy know I wasn’t there and the computer was off.

Does anybody have any idea what could have been going on there? I don’t have any knowledge of networking or hacking or anything of the sort. What would have been the purpose of someone pretending to have been at my IP address? Did somebody enter random numbers into their TCP/IP configuration to do something illegal on the company network and it just happened to be my address?

I’d appreciate anyone’s input to just help me understand what happened there.

Well, it’s sure possible to spoof an IP address. It’s not terribly difficult to alter the IP address in outbound TCP/IP or HTTP packets, but you can’t do very much this way. Since the IP address in the packets doesn’t point back to your computer, you have no way to receive any information back. You can only send information out. This is of limited value and is used primarily in DoS attacks, where getting information back is neither needed nor desired.

Why your IP address? I’ve not a clue.

IP spoofing is using a program to make IP packets which have a source address not matching that computer’s address. It’s limited, though, in that the computer will not receive the other machine’s response. Therefore, you couldn’t browse the web or anything like that using IP spoofing. More likely, the culprit simply set their IP address as yours. This won’t work if the local network is logging MAC addresses, but apparently they weren’t in this case.
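
What logging MAC addresses gives an administrator in the situation discussed in this thread, as an added example that is not part of any post: it reports every MAC that used an IP address other than the one recorded for it, with the time window. The log format, the addresses and the `known_owner` inventory are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: (timestamp, IP, MAC) observations, e.g. from a switch or ARP monitor.
SAMPLE_LOG = """\
2024-03-04T17:55:02 10.20.30.41 00:11:22:33:44:55
2024-03-04T17:58:40 10.20.30.77 00:11:22:aa:bb:cc
2024-03-04T21:10:13 10.20.30.41 66:77:88:99:aa:bb
2024-03-04T21:17:50 10.20.30.41 66:77:88:99:AA:BB
2024-03-04T21:25:01 10.20.30.41 66:77:88:99:aa:bb
2024-03-05T08:31:09 10.20.30.41 00:11:22:33:44:55
"""

def parse(log_text):
    """Yield (datetime, ip, mac) from whitespace-separated lines; skip malformed ones."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, mac = parts
        try:
            yield datetime.fromisoformat(ts), ip, mac.lower()
        except ValueError:
            continue

def find_ip_takeovers(log_text, known_owner):
    """Return {ip: [(mac, first_seen, last_seen), ...]} for MACs that used an IP
    but are not the MAC recorded for it in known_owner (hypothetical inventory)."""
    seen = defaultdict(dict)  # ip -> mac -> [first_seen, last_seen]
    for ts, ip, mac in parse(log_text):
        span = seen[ip].setdefault(mac, [ts, ts])
        span[0] = min(span[0], ts)
        span[1] = max(span[1], ts)
    findings = {}
    for ip, macs in seen.items():
        expected = known_owner.get(ip, "").lower()
        odd = [(m, s[0], s[1]) for m, s in macs.items() if m != expected]
        if expected and odd:
            findings[ip] = sorted(odd, key=lambda r: r[1])
    return findings

if __name__ == "__main__":
    inventory = {"10.20.30.41": "00:11:22:33:44:55", "10.20.30.77": "00:11:22:aa:bb:cc"}
    for ip, rows in find_ip_takeovers(SAMPLE_LOG, inventory).items():
        for mac, first, last in rows:
            print(f"{ip} used by unexpected MAC {mac} from {first} to {last}")
```

On the constructed sample, the address 10.20.30.41 shows up under a second MAC for a window of about 15 minutes in the evening, then returns to its recorded MAC the next morning.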