[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

questions on Anti Replay Check



Hi All,
I have Following doubts regarding Antireplay service.
 
My understanding of replay attack is a hacker can get hold of a legitimate packet
in the traffic and transmit it to recevier after a while, this can cause confusion or
have some undesirable consequences at the receiving end. right?
 
Usually Antireplay check is not done for IPsec SA's of manual key management.
why? Like any other secure traffic, traffic carried such SA too can be hacked by
replay attack right?
 
ESP RFC 2406 says:
 
 The anti- replay service may be selected only if data origin authentication is
   selected, and its election is solely at the discretion of the  receiver.
 
 Why only if data origin authentication is selcted? esp trafiic without authentication
  can't come under replay attack?[ assuming AH is not used ]
 
Thanks
Lokesh