The anti-replay protocol is part of the Internet Engineering Task Force (IETF) Internet Protocol Security (IPSec) standard. Anti-replay ensures IP packet-level security by making it impossible for a hacker to intercept message packets and insert changed packets into the data stream between a source computer and a destination computer. By detecting packets that match the sequence numbers of those that have already arrived, the anti-replay mechanism helps to ensure that invalid packets are discarded. Both of the main protocols in the IPSec standard, the Encapsulating Security Payload (ESP) and the Authentication Header (AH), use anti-replay protection.
The anti-replay mechanism works by keeping track of the sequence numbers in packets as they arrive. Whether the mechanism is used at the receiving end depends upon a security level setting set by the receiver. When a security association has been established between a sender and a receiver, their counters are initialized at zero. The first packet sent will have a sequence number of 1, the second 2, and so on. Each time a packet is sent, the receiver verifies that the number is not that of a previously sent packet. When detection of a replayed packet occurs, the program sends an error message, discards the replayed packet, and logs the event - including in the log entry identifiers such as the date/time received, source address, destination address, and the sequence number.