The anti-replay protocol is part of the Internet Engineering Task Force (IETF) Internet Protocol Security (IPsec) standard. Anti-replay provides IP packet-level security by making it impossible for an attacker to intercept message packets and insert changed packets into the data stream between a source computer and a destination computer. By detecting packets whose sequence numbers match those of packets that have already arrived, the anti-replay mechanism helps to ensure that invalid packets are discarded. Both of the main protocols in the IPsec standard, the Encapsulating Security Payload (
The anti-replay mechanism works by keeping track of the sequence numbers in packets as they arrive. Whether the mechanism is used at the receiving end depends on a security level setting chosen by the receiver. When a security association has been established between a sender and a receiver, their counters are initialized at zero. The first packet sent will have a sequence number of 1, the second 2, and so on. Each time a packet arrives, the receiver verifies that its sequence number is not that of a packet it has already received. When a replayed packet is detected, the program sends an error message, discards the replayed packet, and logs the event, recording in the log entry identifiers such as the date/time received, source address, destination address, and the sequence number.
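The receiver-side check described above, as an added example that is not part of the original text: it goes slightly beyond the paragraph by using the sliding-window bitmap that RFC 4303 specifies for ESP, so that packets arriving out of order are still accepted once while true replays and packets that fall behind the window are discarded and logged with the identifiers the text lists. Addresses, sequence numbers and the window size of 64 are constructed values for the demonstration.

```python
from datetime import datetime, timezone

WINDOW_SIZE = 64  # constructed choice; RFC 4303 requires a minimum window of 32


class AntiReplayWindow:
    """Receiver state for one security association (SA).

    Keeps the highest sequence number accepted so far plus a bitmap of the
    WINDOW_SIZE most recent sequence numbers (bit 0 = highest, bit i = highest - i).
    """

    def __init__(self, window_size=WINDOW_SIZE):
        self.window_size = window_size
        self.highest = 0   # counters start at zero; the first packet carries seq 1
        self.bitmap = 0    # bit i set => sequence number (highest - i) already seen
        self.log = []      # audit entries for every discarded packet

    def check(self, seq, src, dst, now=None):
        """Return 'accepted' or 'rejected'; rejections are logged, not forwarded."""
        if seq == 0:  # ESP never uses sequence number 0 after SA setup
            return self._reject(seq, src, dst, "invalid sequence number 0", now)
        if seq > self.highest:
            # New high-water mark: slide the window forward and mark this packet.
            shift = seq - self.highest
            mask = (1 << self.window_size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return "accepted"
        offset = self.highest - seq
        if offset >= self.window_size:
            return self._reject(seq, src, dst, "too old: outside window", now)
        if self.bitmap & (1 << offset):
            return self._reject(seq, src, dst, "replayed packet", now)
        self.bitmap |= 1 << offset  # late but first-time arrival: accept once
        return "accepted"

    def _reject(self, seq, src, dst, reason, now):
        ts = (now or datetime.now(timezone.utc)).isoformat()
        self.log.append({"time": ts, "src": src, "dst": dst, "seq": seq, "reason": reason})
        return "rejected"


def demo():
    """Constructed packet stream: one out-of-order packet, one replay, one stale packet."""
    window = AntiReplayWindow()
    stream = [1, 2, 3, 5, 4, 3, 200, 100, 199]
    results = [window.check(seq, "10.0.0.1", "10.0.0.2") for seq in stream]
    return results, window.log
```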