Anti-replay is a sub-protocol of IPsec that is part of Internet Engineering Task Force (IETF). The main goal of anti-replay is to avoid hackers injecting or making changes in packets that travel from a source to a destination. Anti-replay protocol uses a unidirectional security association in order to establish a secure connection between two nodes in the network. Once a secure connection is established, anti-replay protocol[disambiguation needed] will use a sequence number or a counter. When the source sends a message, it adds a sequence number to its packet starting at 0 and increments every time it sends another message. The other end, which is the destination, receives the message and keeps a history of the number and shifts it as the new number. If the next message has a lower number, the destination will drop the packet, and, if the number is larger than the previous one, it keeps and shifts it as the new number and so forth.[1] [2]
References
- ^ Szigeti, Tim; 9794,, CCIE No., Hattingh, Christina (2005). End-to-end QoS network design : Quality of service in LANs, WANs, and VPNs. Indianapolis, IN: Cisco Press. pp. 732. ISBN 1-58705-176-1.
- ^ Lee, Donald C. (1999). Enhanced IP services for Cisco networks. Indianapolis, IN, USA: Cisco Press. pp. 386. ISBN 1-57870-106-6.
