
Anti-replay

From Wikipedia, the free encyclopedia

Anti-replay is a sub-protocol of IPsec, which is standardized by the Internet Engineering Task Force (IETF). The main goal of anti-replay is to prevent hackers from injecting or making changes in packets that travel from a source to a destination. The anti-replay protocol uses a unidirectional security association in order to establish a secure connection between two nodes in the network. Once a secure connection is established, the anti-replay protocol uses packet sequence numbers to defeat replay attacks as follows: when the source sends a message, it adds a sequence number to its packet; the sequence number starts at 0 and is incremented by 1 for each subsequent packet. The destination maintains a "sliding window" record of the sequence numbers of validated received packets; it rejects any packet whose sequence number is lower than the lowest in the sliding window (i.e. too old) or already appears in the sliding window (i.e. a duplicate or replay). Accepted packets, once validated, update the sliding window (displacing the lowest sequence number out of the window if it was already full).[1][2]
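The receiver-side sliding window described above, written out as an added example (this code is not from the article or from any IPsec implementation): the window is a bitmap anchored at the highest sequence number accepted so far, a packet below the window is rejected as too old, a packet whose bit is already set is rejected as a replay, and the window is only updated after the packet passes its integrity check. The class name, window size and the `authenticated` flag standing in for the integrity check are assumptions of this example.

```python
# Added example: a sliding-window anti-replay check as described in the article.
class AntiReplayWindow:
    """Receiver-side sliding window over validated packet sequence numbers.

    Sequence numbers start at 0 and increase by one per packet; the window
    covers `size` consecutive numbers ending at the highest one accepted.
    """

    def __init__(self, size: int = 64) -> None:
        if size < 1:
            raise ValueError("window size must be positive")
        self.size = size
        self.highest = -1   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (highest - i) already seen

    def check(self, seq: int) -> bool:
        """Return True if `seq` is fresh; the caller must still verify the packet."""
        if seq < 0:
            return False
        if seq > self.highest:
            return True                     # newer than anything seen: always fresh
        offset = self.highest - seq
        if offset >= self.size:
            return False                    # too old: fell below the window
        return not (self.bitmap >> offset) & 1   # replay if its bit is already set

    def update(self, seq: int) -> None:
        """Record an accepted packet; call only after the integrity check passed."""
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window forward; the oldest entries drop out of the mask.
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq: int, authenticated: bool = True) -> bool:
        """Full receiver path: freshness check, then integrity check, then window update.

        `authenticated` stands in for the packet's integrity verification (assumption).
        """
        if not self.check(seq) or not authenticated:
            return False
        self.update(seq)
        return True
```

A packet that fails the integrity check never updates the window, so a forged packet with a high sequence number cannot be used to push legitimate in-flight packets below the window.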

References

  1. Szigeti, Tim; Hattingh, Christina (2005). End-to-end QoS network design: Quality of service in LANs, WANs, and VPNs. Indianapolis, IN: Cisco Press. p. 732. ISBN 1-58705-176-1.
  2. Lee, Donald C. (1999). Enhanced IP services for Cisco networks. Indianapolis, IN, USA: Cisco Press. p. 386. ISBN 1-57870-106-6.