Hi All,
I have Following doubts regarding Antireplay
service.
My understanding of replay attack is a hacker can
get hold of a legitimate packet
in the traffic and transmit it to recevier after a
while, this can cause confusion or
have some undesirable consequences at the receiving
end. right?
Usually Antireplay check is not done for IPsec SA's
of manual key management.
why? Like any other secure traffic, traffic carried
such SA too can be hacked by
replay attack right?
ESP RFC 2406 says:
The anti- replay service may be selected only
if data origin authentication is
selected, and its election is solely at the discretion of the receiver. Why only if data origin authentication is
selcted? esp trafiic without authentication
can't come under replay attack?[ assuming AH
is not used ]
Thanks
Lokesh
|