Antireplay ProtectionThe optional antireplay protection scheme used in IPSec is simple and elegant. Each IPSec packet will be identified with a particular sequence number as well as a session key used for the data authentication. If an IPSec peer decrypts a packet and notices that the sequence number is out of order, it silently discards the packet. The same is true if the packet does not pass the data-integrity check. |