IP spoofing





IP spoofing is most frequently used in denial-of-service attacks.
In such attacks, the goal is to flood the victim with overwhelming
amounts of traffic, and the attacker does not care about receiving
responses to the attack packets. Packets with spoofed addresses are
thus suitable for such attacks. They have additional advantages for
this purpose: they are more difficult to filter, since each spoofed
packet appears to come from a different address, and they hide the true
source of the attack. Denial-of-service attacks that use spoofing
typically choose addresses at random from the entire IP address space,
though more sophisticated spoofing mechanisms might avoid unroutable
addresses or unused portions of the IP address space. The proliferation
of large botnets makes spoofing less important in denial-of-service
attacks, but attackers typically have spoofing available as a tool if
they want to use it. Defenses against denial-of-service attacks that
rely on the validity of the source IP address in attack packets might
therefore have trouble with spoofed packets. Backscatter, a technique
used to observe denial-of-service attack activity in the Internet,
relies on attackers' use of IP spoofing for its effectiveness.
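
The backscatter observation mentioned above, sketched as an added example
(not part of the original article): a victim replies to the random spoofed
sources, and some of those replies land in an unused, monitored address
block. The monitored prefix, record fields, threshold and sample capture
are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: an unused, monitored prefix (constructed for this example).
TELESCOPE = ip_network("198.18.0.0/16")
# Replies a victim sends to whatever source address an attack packet carried.
TCP_REPLIES = {"SA", "R", "RA"}   # SYN-ACK, RST, RST-ACK
ICMP_REPLIES = {0, 3, 11}         # echo reply, unreachable, time exceeded

def is_backscatter(rec):
    """True if the packet is a response rather than a probe or scan."""
    if rec["proto"] == "tcp":
        return rec["info"] in TCP_REPLIES
    if rec["proto"] == "icmp":
        return rec["info"] in ICMP_REPLIES
    return False

def summarize(records, telescope=TELESCOPE, min_dsts=3):
    """Group backscatter by sender (the attack victim) and estimate attack rate."""
    # If spoofed sources are uniform over IPv4, the telescope receives
    # num_addresses / 2**32 of the victim's replies; scale counts by the inverse.
    scale = 2**32 / telescope.num_addresses
    seen = defaultdict(lambda: {"times": [], "dsts": set()})
    for rec in records:
        if ip_address(rec["dst"]) in telescope and is_backscatter(rec):
            seen[rec["src"]]["times"].append(rec["ts"])
            seen[rec["src"]]["dsts"].add(rec["dst"])
    report = {}
    for victim, v in seen.items():
        # Replies spread over several dark addresses suggest random spoofing;
        # a single stray reply is treated as noise.
        if len(v["dsts"]) < min_dsts:
            continue
        duration = max(max(v["times"]) - min(v["times"]), 1.0)
        report[victim] = {"observed": len(v["times"]),
                          "est_attack_pps": len(v["times"]) * scale / duration}
    return report

# Constructed capture: ts (seconds), src, dst, proto, TCP flags or ICMP type.
SAMPLE = [
    {"ts": 0.0, "src": "203.0.113.10", "dst": "198.18.4.9", "proto": "tcp", "info": "SA"},
    {"ts": 0.5, "src": "203.0.113.10", "dst": "198.18.77.201", "proto": "tcp", "info": "SA"},
    {"ts": 1.0, "src": "203.0.113.10", "dst": "198.18.130.3", "proto": "tcp", "info": "RA"},
    {"ts": 2.0, "src": "203.0.113.10", "dst": "198.18.250.64", "proto": "icmp", "info": 3},
    {"ts": 0.2, "src": "192.0.2.77", "dst": "198.18.0.1", "proto": "tcp", "info": "S"},
    {"ts": 0.3, "src": "192.0.2.77", "dst": "198.18.0.2", "proto": "tcp", "info": "S"},
    {"ts": 1.4, "src": "203.0.113.99", "dst": "198.18.9.9", "proto": "tcp", "info": "R"},
]

if __name__ == "__main__":
    for victim, stats in summarize(SAMPLE).items():
        print(victim, stats)
```

The rate estimate holds only under the uniform-random spoofing assumption
stated in the paragraph above; traffic from bots using their real addresses
produces no backscatter and is invisible to this method.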

IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication
based on IP addresses. This method of attack on a remote system can be
extremely difficult, as it involves modifying thousands of packets at a
time. This type of attack is most effective where trust relationships
exist between machines. For example, it is common on some corporate
networks to have internal systems trust each other, so that a user can
log in without a username or password provided they are connecting from
another machine on the internal network (and so must already be logged
in). By spoofing a connection from a trusted machine, an attacker may
be able to access the target machine without authenticating.

