Anyone can fake an IP address on the same LAN as the host you're trying to impersonate (e.g. on an Ethernet, you can find a machine you wish to impersonate, shut it down, or otherwise cause it to stop responding on the LAN, and then set your own IP address to be the same as the machine you wish to impersonate, and go to it). If you want to do so from far away, however, you have to successfully attack the routing system of the network so that it will send packets to you (the impostor) instead of to the "real" host.
In the modern Internet, there are no "natural" (classful) IP network numbers any more (e.g. "Class A", "Class B", "Class C" network numbers). Classless Inter-Domain Routing (CIDR) is now The Way, The Truth, and The Light. This means all routes in the Default Free Zone (DFZ) of the Internet are a tuple: they have a number, and a mask. The mask tells how many bits of the number everyone must treat as significant. Everyone must always route by longest match (i.e. pick the route for which the most bits of the destination address match). The new syntax for expressing routing information is number/mask, e.g. 10/8, 128.1/16, 192.1.1/24 (these are examples of the old "classful" IP addresses with their "natural" masks).
This was done to be able to aggregate the IP routing table in the DFZ (i.e. gang together network numbers into blocks that can be routed to with one route instead of several) so as to control the growth of the routing tables.
One of the implications of this is that I could, in principle, inject a host route into the DFZ (i.e. a route with 32 bits of significance), snatch/send packets for a time as that host, remove the route, and vanish into the æther. Whether this really works or not depends entirely on the Internet Service Providers (ISPs):
Whether they are filtering the route announcements from their customers (the sensible ones are, the ignorant ones aren't).
Whether they are filtering each other (by and large, they are not; however, SPRINT is doing some route mask length filters, e.g. they will not accept a route as being valid for a network number with a mask longer than 18 bits in some ranges of Class C address space, or longer than 8 bits in the old Class A address space).
Whether there is any authentication or trace/tracking information on the route source itself (there isn't, yet).
So, your task, as the attacker, is to find a permissive (or ignorant) ISP that will believe and pass on any route you give them, who, in turn, everyone else believes (or even just the ISP of your intended target believes), and you've got your target by the short hairs.
Of course, if you use encryption to encode all your bits, you're safe from traffic snatching, and probably false authentication too, regardless of how the routes flow (so the host route idea now turns into a denial of service attack). Either way, pick your ISP carefully
What this all means is that if you want to do authentication on the Internet, you really have to do something cryptographic in nature.
In particular, for you UNIX system administrators out there, this means that you must stop running the rlogind and rshd because their authentication model is based on IP addresses, which has always been understood to be attackable (anyone can fake an IP address on the same LAN as the target, since you don't have to attack the routing system to do it - just shut the "real" one up, and lie, lie, lie), but is now known to be compromised (i.e. the cracker urchins out there have software tools that can successfully exploit this weakness to attack a server host).