Short answer: yes, but it is not as feasible as it used to be, and it depends on how literally one answers your question.
I realize you did not ask "Is it possible to have a TCP conversation with a forged IP address?" That question was answered skillfully by @symcbean. You asked specifically "Is it possible to pass the TCP handshake with a forged IP address?" So there is a difference between the question you asked, "Can you forge SYN -> SYN/ACK -> ACK in such a way that the server believes that a connection has been established successfully?", and the question you probably meant, "Can you hold a TCP conversation with a forged client address?"
So let's take a look at the literal question you asked. In that case, the answer is "Yes, if the initial TCP sequence number included in the SYN/ACK by the server is predictable". That is why the predictability of the ISN (Initial Sequence Number) is something tested by vulnerability scanners and something that is implemented much more correctly today than 10 or 15 years ago. To cite a 2001 Cisco warning related to this vulnerability, "The general case of this vulnerability in TCP is well known to the information system security community." More famously, Mitnick abused this characteristic in his attack on Shimomura.
Unless source routing or access to a router in the network path is available, this is not a sustainable configuration. The client may be able to guess the ISN, but the subsequent sequence numbers are increased by the size of the packets being sent, which the attacker will not see and cannot reliably predict. So they should be able to receive at least one packet after the three-way handshake, but not a conversation. And sometimes one packet is enough.
ISN prediction is a specific subset of TCP sequence prediction attacks. While I cannot cite good numbers, my experience suggests that it is a vulnerability that lasted much longer than it should have; you still run across devices that fail scans because of it. It is difficult to get everyone to fix their TCP stacks, especially when the solution involves robust random number generation, which is somewhat difficult on limited and cheap hardware (of the type that gets thrown into network devices all the time).
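As an added illustration (not part of the original answer), the sketch below contrasts a predictable ISN generator with the keyed-hash construction from RFC 6528, ISN = M + F(4-tuple, secret), and scores each the way a scanner-style predictability check might. The function names, the fixed step of 64000, the HMAC-SHA-256 choice for F, the demo secret and the documentation-range addresses are all assumptions made for this example.

```python
import hashlib
import hmac
import struct
from collections import Counter

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit

def isn_legacy(conn_index, step=64000):
    # Weak design: one global counter bumped by a fixed step per connection.
    return (conn_index * step) & MASK

def isn_rfc6528(secret, src, sport, dst, dport, clock_us):
    # ISN = M + F(4-tuple, secret): M is a 4-microsecond timer, F a keyed PRF
    # (HMAC-SHA-256 here, an assumption of this example).
    tup = f"{src}:{sport}>{dst}:{dport}".encode()
    f = struct.unpack("!I", hmac.new(secret, tup, hashlib.sha256).digest()[:4])[0]
    return (f + clock_us // 4) & MASK

def top_delta_share(isns):
    # Share of consecutive ISN differences explained by the single most common
    # difference: 1.0 means the next ISN follows trivially from the last one.
    deltas = [(b - a) & MASK for a, b in zip(isns, isns[1:])]
    return Counter(deltas).most_common(1)[0][1] / len(deltas)

def sample_isns(kind, n=200, secret=b"constructed-demo-secret"):
    # Constructed probe series: n connections from successive source ports,
    # one every millisecond, to the same server address and port.
    out = []
    for i in range(n):
        if kind == "legacy":
            out.append(isn_legacy(i))
        else:
            out.append(isn_rfc6528(secret, "192.0.2.10", 40000 + i,
                                   "198.51.100.5", 443, i * 1000))
    return out

if __name__ == "__main__":
    for kind in ("legacy", "rfc6528"):
        print(kind, round(top_delta_share(sample_isns(kind)), 3))
```

In the keyed construction each 4-tuple gets its own offset, so ISNs observed on one connection say nothing about the ISN another source address will be given, while repeated connections on the same 4-tuple still see a monotonically advancing ISN.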