Spoof IPs

Spoof IP

To understand IP address spoofing, one first has to know something about IP addresses and how they underpin the way the internet currently works, connecting devices together using TCP/IP. IP address spoofing gives users a way of 'faking' or 'spoofing' the IP address that a device appears to have, in order to disguise the device's true source. It is often used by hackers to prevent organisations from tracing the source of an attack, where the organisation being attacked is using IP addresses either for tracking or for authentication.

IP Spoofing in practice

In practice, IP spoofing is more difficult than might be presented in films and other media. Most organisations that are built with security in mind will have some form of packet filtering (ingress and egress filtering, for instance) in place, whereby the true source of the IP packets is examined and tested before the filter allows the packet through.
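
The ingress and egress checks mentioned above can be sketched as follows. This is an added example, not code from the original page; the network prefix, the reserved-range list, the sample packets and the function names are all constructed for illustration. It shows that an edge filter judges the source address a packet claims against the direction the packet is travelling.

```python
import ipaddress

# Constructed example: the prefix our site owns (a documentation range).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Sources that should never arrive from the internet (small, non-exhaustive set).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8",
)]

def filter_packet(direction, src):
    """Return (allowed, reason) for a packet crossing the network edge.
    direction is "in" (ingress) or "out" (egress); src is the claimed source."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"
    if direction == "out":
        # Egress: anything leaving must claim a source inside our own prefix.
        if addr not in INTERNAL_NET:
            return False, "egress: source is not one of our addresses"
        return True, "egress: ok"
    if direction == "in":
        # Ingress: an outside packet cannot legitimately claim to come from us.
        if addr in INTERNAL_NET:
            return False, "ingress: source claims to be internal"
        if any(addr in net for net in BOGON_NETS):
            return False, "ingress: source is private or reserved"
        return True, "ingress: ok"
    raise ValueError("direction must be 'in' or 'out'")

# Constructed sample packets: (direction, claimed source address).
SAMPLE_PACKETS = [
    ("out", "192.0.2.17"),    # internal host, honest source
    ("out", "198.51.100.9"),  # internal host forging an outside source
    ("in", "203.0.113.5"),    # ordinary external source
    ("in", "192.0.2.44"),     # outside packet claiming an internal source
    ("in", "10.1.2.3"),       # private address arriving from the internet
]

def run_samples():
    """Apply the filter to every constructed sample packet."""
    return [(d, s) + filter_packet(d, s) for d, s in SAMPLE_PACKETS]

if __name__ == "__main__":
    for direction, src, allowed, reason in run_samples():
        print(f"{direction:>3} {src:<15} {'PASS' if allowed else 'DROP'}  {reason}")
```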

With TCP, spoofing should be made more difficult by the NAT performing some sort of double-check upon access. When a hacker attempts to access a resource, the resource should respond and expect a reply on a different thread before responding. This different thread will not directly use the apparent source before handshaking, thus checking the actual IP source. If this is different, the handshake will break.

Back-tracking

Back-tracking is the process by which an attacked resource attempts to find the true source of the request. IP spoofing is not as easy as it may at first sound, whatever you see in the films where the protagonist simply says:

"Don't worry - they can't trace us. I've spoofed our IP and I'm re-routing requests through a number of foreign countries. Iraq-Afghanistan-Libya, then through four ISPs in the UK, before going to Hawaii. If they even try to trace us, it'll take about seven years before they get to here." - IP Spoofing film

And if the above sounds stupid - it is. The whole point is encapsulated in the last few words "...before they get to here." Eventually the trace has to end somewhere.

Learn more about IP address spoofing from Wikipedia.