Regarding IPsec Anti-Replay?


1. What is the IPsec anti-replay window?

2. What is the use of IPsec anti-replay window expanding and disabling, and when is it used?

3. By default the window size is 64 packets, so at a time only 64 packets are decrypted. What does this mean?


Anti-Replay Attacks

An attacker can send encrypted traffic which he has captured previously, for a DoS attack on the network.

We prevent it using the sequence number in ESP packets in IPsec.

By default it is enabled and the window size is 64.

Now let's say we have a window from 101 to 164.

So if a packet is received with sequence number 99, it will be dropped, as the sequence number is not in the window.

If the sequence number is 162, it falls within the window and was previously received, so the packet is dropped and the replay counter is incremented.

If the sequence number is 165, as it is greater than the highest sequence number in the window, the packet is accepted and marked as received.

The sliding window is then moved to the right.
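The three cases in the answer above, as an added illustration that is not code from this thread or from any IPsec implementation. It models the receiver-side sliding window as a bitmap in the style of RFC 4303 (ESP) Appendix A: the highest sequence number accepted so far is the right edge, bit i of the bitmap records whether packet (highest - i) has been seen, and a packet to the right of the window slides it. The class name, result strings and the two walkthrough functions are this example's own; `walkthrough()` replays the 101..164 scenario, and `reorder_demo()` goes a step further than the answer by showing why the window exists at all: a packet that arrives late but inside the window and has not been seen is still accepted, so the window tolerates reordering, not just replay.

```python
"""Sliding-window anti-replay check in the style of RFC 4303 Appendix A.

Added example for this thread, not code from the thread or any real IPsec
stack. Names (AntiReplayWindow, result strings) are this example's own.
"""

ACCEPT = "accept"
DROP_OLD = "drop: below window"
DROP_REPLAY = "drop: replay"


class AntiReplayWindow:
    """Receiver state for one SA: highest accepted sequence number plus a bitmap."""

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32; 64 is the default")
        self.size = size
        self.mask = (1 << size) - 1
        self.highest = 0          # highest sequence number accepted so far (0: none yet)
        self.bitmap = 0           # bit i set => packet (highest - i) was received
        self.replay_counter = 0   # incremented on every replayed packet

    def window(self) -> tuple:
        """Inclusive range of sequence numbers currently inside the window."""
        low = max(1, self.highest - self.size + 1)
        return (low, self.highest)

    def check(self, seq: int) -> str:
        """Decide whether packet `seq` is accepted, and update state if so."""
        if seq < 1:
            # ESP sequence numbers start at 1 (RFC 4303 2.2); 0 is never valid.
            return DROP_OLD

        if seq > self.highest:
            # Case 3: right of the window. Accept, then slide the window right.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1                        # everything old falls out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return ACCEPT

        if seq <= self.highest - self.size:
            # Case 1: left of the window. Too old to check, so drop it.
            return DROP_OLD

        # Case 2: inside the window. Accept only if not yet seen.
        bit = 1 << (self.highest - seq)
        if self.bitmap & bit:
            self.replay_counter += 1
            return DROP_REPLAY
        self.bitmap |= bit
        return ACCEPT


def walkthrough() -> dict:
    """Reproduce the answer's scenario: window 101..164, every slot received."""
    w = AntiReplayWindow(64)
    for seq in range(1, 165):              # constructed in-order delivery of 1..164
        w.check(seq)
    results = {"window": w.window()}       # (101, 164)
    results["seq99"] = w.check(99)         # left of window  -> drop: below window
    results["seq162"] = w.check(162)       # seen already    -> drop: replay
    results["seq165"] = w.check(165)       # right of window -> accept, slide
    results["window_after"] = w.window()   # (102, 165)
    results["replays"] = w.replay_counter  # 1
    return results


def reorder_demo() -> tuple:
    """A late packet inside the window is accepted once, then rejected as a replay."""
    w = AntiReplayWindow(64)
    first = w.check(10)   # accept: slides window so that highest is 10
    late = w.check(7)     # accept: inside window, never seen (reordering, not replay)
    again = w.check(7)    # drop: replay
    return (first, late, again)


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
    print(reorder_demo())
```

The only state the receiver keeps is the right edge and a bitmap of `size` bits, which is why the window bounds how far out of order a packet may arrive and still be checked: anything older than `highest - size` cannot be distinguished from a replay and is dropped unconditionally.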