You'd have to have a high level of control of the network that the server lives on in order to do this sort of spoofing of tcp connections for arbitrary IP addresses.
And if you had that level of control anyway, you wouldn't need to spoof attacks against the server, you could just redirect all incoming requests to a different server which returns whatever HTTP response headers or bodies that you want.
So your described attack is highly unlikely to ever happen.
And if you had that level of control anyway, you wouldn't need to spoof attacks against the server, you could just redirect all incoming requests to a different server which returns whatever HTTP response headers or bodies that you want.
So your described attack is highly unlikely to ever happen.