You are wrong. I know what the OP meant, and also that there is a common misconception with IP spoofing <> anonymous browsing. IP address spoofing - as the meaning of the term - of course, won't solve his problem... But still, you are wrong.
First of all, IP spoofing is not impossible. There is a way to change the source IP address by modifying the IP header of existing packets or by creating custom packets. It's another thing that nowadays most (but not all, see http://spoofer.csail.mit.edu) of the ISPs have deployed ingress and/or egress filtering - or are just using NAT - thus making IP spoofing rather difficult to achieve (I do not say impossible because there are also ways to work around this; however, it could be very difficult).
Nevertheless, just try it within your own network - get two hosts, on one of them run a packet sniffer (tcpdump, wireshark etc) and on the other one generate a packet with a fake source IP, for example with hping. You will be able to capture the packet on the other end. Whoops, you've just spoofed your IP address...
So, "IP address spoofing" is sending packets with forged source IP addresses, and it's possible to perform. Capturing the reply is a different thing. (But let's not forget that the most commonly used area of IP spoofing is UDP-based DoS attacks, where you usually don't want to receive anything.) If you are on the same network segment or somewhere between the source and the destination host, you can use a sniffer. If you aren't, well, even then there is a way, which is using the source routing option of the IP packets. Theoretically, it makes it possible to receive the reply; however, it can also be filtered, ignored/dropped on the in-between routers and gateways, and the destination host also has to consider (reverse) the source route, which is disabled by default on today's systems.
This way, spoofing UDP packets is easier, as there is no connection established. You just send the packets to the destination and that's it. This method has been used for numerous DoS attacks, SNMP and DNS attacks.
Spoofing a TCP connection is much more difficult, as you have to be able to handle the three-way handshake first, and acknowledge every packet afterwards, by guessing or brute forcing the sequence and acknowledgement numbers (which is very unlikely today, but again, theoretically possible).
Just one more note about MAC address change.
Changing your network adapter's mac address won't make any difference (except if you want to show up on your own subnet with a different mac). The reason is, when the packets coming from your card arrive at your router or modem, your nic's mac will be replaced with the modem's/router's mac. And so on, the packets you sent travel through a bunch of gateways/routers and the source MAC address is always replaced with the previous device's mac address. The remote host you are communicating with will never know your mac.
You might be able to change the mac of your modem or router using some tool or firmware option, however, if you change it to something else - other than your isp knows about - your internet connection might stop working.
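The egress filtering and source-route dropping mentioned in the post can be sketched from the network operator's side. This is an added example, not part of the original post; the customer prefix `192.0.2.0/24`, the function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: the edge router serves one customer prefix (documentation range, constructed).
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}  # IPv4 option types from RFC 791


def build_sample_header(src, dst, options=b""):
    """Build a constructed IPv4 header (checksum left at 0) as input for the filter."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 17, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options


def source_route_option(options):
    """Walk the IPv4 options; return 'LSRR'/'SSRR' if present, 'malformed' on a bad length."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:        # End of Option List
            break
        if kind == 1:        # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return "malformed"
        if kind in SOURCE_ROUTE_OPTIONS:
            return SOURCE_ROUTE_OPTIONS[kind]
        i += options[i + 1]  # skip over this option using its length byte
    return None


def egress_verdict(packet):
    """Decide what the edge filter does with a packet leaving the customer network."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: bad header length"
    src = ipaddress.ip_address(packet[12:16])
    if not any(src in net for net in CUSTOMER_PREFIXES):
        return f"drop: source {src} outside assigned prefix"
    opt = source_route_option(packet[20:ihl])
    if opt:
        return f"drop: {opt} option"
    return "forward"
```

A packet whose source address lies outside the prefix assigned to the link never leaves the customer network, which is why spoofing that works on a local segment often stops at the ISP edge.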