| 释义 |
- References
Anti-replay is a sub-protocol of IPsec that is part of Internet Engineering Task Force (IETF). The main goal of anti-replay is to avoid hackers injecting or making changes in packets that travel from a source to a destination. Anti-replay protocol uses a unidirectional security association in order to establish a secure connection between two nodes in the network. Once a secure connection is established, the anti-replay protocol uses packet sequence numbers to defeat replay attacks as follows: When the source sends a message, it adds a sequence number to its packet; the sequence number starts at 0 and is incremented by 1 for each subsequent packet. The destination maintains a 'sliding window' record of the sequence numbers of validated received packets; it rejects all packets which have a sequence number which is lower than the lowest in the sliding window (i.e. too old) or already appears in the sliding window (i.e. duplicates/replays). Accepted packets, once validated, update the sliding window (displacing the lowest sequence number out of the window if it was already full).[1][2]See also Replay attack. References 1. ^{{cite book|last=Szigeti|first=Tim|title=End-to-end QoS network design : Quality of service in LANs, WANs, and VPNs|year=2005|publisher=Cisco Press|location=Indianapolis, IN|isbn=1-58705-176-1|pages=732|last2=Hattingh |first2=Christina}}
2. ^{{cite book|last=Lee|first=Donald C.|title=Enhanced IP services for Cisco networks|year=1999|publisher=Cisco Press|location=Indianapolis, IN, USA|isbn=1-57870-106-6|pages=386}}
{{internet-stub}} 4 : Internet layer protocols|Cryptographic protocols|Tunneling protocols|Network layer protocols |