Anti-replay - Wikipedia

From Wikipedia, the free encyclopedia

Anti-replay is a sub-protocol of IPsec, the protocol suite standardized by the Internet Engineering Task Force (IETF). The main goal of anti-replay is to prevent attackers from injecting packets, or making changes in packets, that travel from a source to a destination. The anti-replay protocol uses a unidirectional security association to establish a secure connection between two nodes in the network.

Once a secure connection is established, the anti-replay protocol uses packet sequence numbers to defeat replay attacks as follows. When the source sends a message, it adds a sequence number to its packet; the sequence number starts at 0 and is incremented by 1 for each subsequent packet. The destination maintains a 'sliding window' record of the sequence numbers of validated received packets. It rejects every packet whose sequence number is lower than the lowest in the sliding window (i.e. too old) or already appears in the sliding window (i.e. duplicates/replays). Accepted packets, once validated, update the sliding window (displacing the lowest sequence number out of the window if it was already full).[1][2]
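The receiver-side sliding window described above can be sketched as follows. This is an added example, not code from the article or from any IPsec implementation; the 64-packet window size, the struct and function names, and the `authentic` flag (standing in for the result of the packet's integrity check) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define WINDOW 64u /* assumed window size: one bit per tracked sequence number */

struct replay_window {
    bool     started; /* false until the first packet has been accepted */
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) was accepted */
};

/* Pre-check only: returns false for packets that are too old or duplicates.
 * Does not modify the window. Assumes the 32-bit counter never wraps. */
bool replay_check(const struct replay_window *w, uint32_t seq)
{
    if (!w->started || seq > w->top)
        return true;                    /* ahead of the window: candidate */
    uint32_t off = w->top - seq;
    if (off >= WINDOW)
        return false;                   /* below the lowest slot: too old */
    return !((w->bitmap >> off) & 1);   /* bit already set: replay */
}

/* Record a sequence number. Call only for packets that passed validation. */
void replay_update(struct replay_window *w, uint32_t seq)
{
    if (!w->started) {
        w->started = true; w->top = seq; w->bitmap = 1;
    } else if (seq > w->top) {
        uint32_t shift = seq - w->top;  /* slide window; old slots fall off */
        w->bitmap = (shift >= WINDOW) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->top = seq;
    } else if (w->top - seq < WINDOW) {
        w->bitmap |= (uint64_t)1 << (w->top - seq);
    }
}

/* Receive path: the window moves only after the packet is validated, so a
 * forged packet carrying a large sequence number cannot push legitimate
 * traffic out of the window. */
bool replay_receive(struct replay_window *w, uint32_t seq, bool authentic)
{
    if (!replay_check(w, seq) || !authentic)
        return false;
    replay_update(w, seq);
    return true;
}
```

Splitting the check from the update mirrors the "once validated" condition in the text: rejection is cheap and happens first, while the state change is deferred until the packet is known to be genuine.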

See also

  • Cryptanalysis
  • Man in the middle attack
  • Replay attack
  • Session ID
  • Transport Layer Security

References

  1. ^ Szigeti, Tim; Hattingh, Christina (2005). End-to-end QoS network design : Quality of service in LANs, WANs, and VPNs. Indianapolis, IN: Cisco Press. p. 732. ISBN 1-58705-176-1.
  2. ^ Lee, Donald C. (1999). Enhanced IP services for Cisco networks. Indianapolis, IN, USA: Cisco Press. p. 386. ISBN 1-57870-106-6.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Anti-replay&oldid=1122156876"