Anti-replay
Anti-replay is a sub-protocol of IPsec that is part of Internet Engineering Task Force (IETF). The main goal of anti-replay is to avoid hackers injecting or making changes in packets that travel from a source to a destination. Anti-replay protocol uses a unidirectional security association in order to establish a secure connection between two nodes in the network. Once a secure connection is established, the anti-replay protocol uses packet sequence numbers to defeat replay attacks as follows: When the source sends a message, it adds a sequence number to its packet; the sequence number starts at 0 and is incremented by 1 for each subsequent packet. The destination maintains a 'sliding window' record of the sequence numbers of validated received packets; it rejects all packets which have a sequence number which is lower than the lowest in the sliding window (i.e. too old) or already appears in the sliding window (i.e. duplicates/replays). Accepted packets, once validated, update the sliding window (displacing the lowest sequence number out of the window if it was already full).[1][2]
References
- Szigeti, Tim; Hattingh, Christina (2005). End-to-end QoS network design : Quality of service in LANs, WANs, and VPNs. Indianapolis, IN: Cisco Press. p. 732. ISBN 1-58705-176-1.
- Lee, Donald C. (1999). Enhanced IP services for Cisco networks. Indianapolis, IN, USA: Cisco Press. p. 386. ISBN 1-57870-106-6.