Anti-replay
Anti-replay is a sub-protocol of IPsec, a protocol suite standardized by the Internet Engineering Task Force (IETF). The main goal of anti-replay is to prevent attackers from injecting packets or changing packets that travel from a source to a destination. The anti-replay protocol uses a unidirectional security association to establish a secure connection between two nodes in the network. Once a secure connection is established, the protocol uses a sequence number, or counter. When the source sends a message, it adds a sequence number to the packet, starting at 0 and incrementing every time it sends another message. The other end, the destination, receives the message and keeps a history of the number, recording it as the new number. If the next message has a lower number, the destination drops the packet; if the number is larger than the previous one, the destination keeps the packet, records that number as the new number, and so on.[1] [2]
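The receiver-side check described above, as an added example (not code from the cited books or from any IPsec implementation). It goes beyond the rule in the text by using the sliding-window form that IPsec ESP specifies in RFC 4303, which also accepts a late packet once if it is still inside the window; setting `window` to 1 gives exactly the "drop anything not higher" behaviour described above. The names `replay_state` and `replay_check_and_update` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver state for one unidirectional SA (names are illustrative). */
struct replay_state {
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t seen;    /* bit i set: (top - i) was accepted; 0: nothing yet */
    unsigned window;  /* 1..64 packets; 1 = strict "higher only" rule */
};

/* Returns 1 to accept, 0 to drop. Call it only for packets whose integrity
 * check has passed, so forged packets cannot move the window. Counter
 * wraparound is not handled (assumption: the SA is rekeyed before it wraps). */
int replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    if (st->seen == 0) {                 /* first packet on this SA */
        st->top = seq;
        st->seen = 1;
        return 1;
    }
    if (seq > st->top) {                 /* newer: slide the window forward */
        uint32_t shift = seq - st->top;
        st->seen = (shift >= 64) ? 0 : (st->seen << shift);
        st->seen |= 1;
        st->top = seq;
        return 1;
    }
    uint32_t age = st->top - seq;        /* 0 means same number as top */
    if (age >= st->window)
        return 0;                        /* left of the window: too old */
    if (st->seen & (UINT64_C(1) << age))
        return 0;                        /* already accepted: replay */
    st->seen |= UINT64_C(1) << age;      /* late but new: record it */
    return 1;
}

int main(void)
{
    /* Constructed arrival order: in-order, late, replayed and stale packets. */
    uint32_t arrivals[] = {0, 1, 2, 5, 3, 5, 3, 100, 30};
    struct replay_state st = {0, 0, 64};
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %u -> %s\n", (unsigned)arrivals[i],
               replay_check_and_update(&st, arrivals[i]) ? "accept" : "drop");
    return 0;
}
```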
References
- Szigeti, Tim (2005). End-to-end QoS network design: Quality of service in LANs, WANs, and VPNs. Indianapolis, IN: Cisco Press. p. 732. ISBN 1-58705-176-1.
- Lee, Donald C. (1999). Enhanced IP services for Cisco networks. Indianapolis, IN, USA: Cisco Press. p. 386. ISBN 1-57870-106-6.