Replay Attack Definition & Meaning

A replay attack is a type of man-in-the-middle attack where a hacker intercepts a network session and reuses the legitimate user’s credentials to repeat the session. For example, if an attacker performs packet sniffing or another form of eavesdropping on a user’s Internet session and intercepts their login, the attacker can “replay” that session and log into the user’s account. The replayed session or request appears legitimate because it originally came from the real user. Even encrypted Internet sessions are susceptible to replay attacks because the attacks don’t require decryption: the hacker can simply replay the session, encrypted data and all. This is particularly dangerous for enterprises, which store a wealth of sensitive data within different accounts.

Preventing replay attacks

Because replay attacks depend on reusing the session credentials that an attacker has intercepted, preventing replay attacks often means generating a single-use encryption key or ID for an Internet session. Many network transmissions between two users now use a specific, single-use encryption key, which is only valid for one session and will not allow an attacker to replay the session.

Users may even log into an account with a single-use password, which will have to be reset for every subsequent login. This prevents a replay attacker from submitting another request with the intercepted password; it will no longer be usable.

A virtual private network may protect users from man-in-the-middle attacks: they set up a computer network separate from the standard network, which typically prevents attackers from eavesdropping on the Internet connection. However, VPNs are not perfect, and they’ve occasionally allowed attackers to access the user’s network through endpoint insecurities. Some VPNs actually have flaws that allow attackers to replay Internet sessions, having gained access to their network connection using cookies that weren’t dealt with properly. If you are using a VPN to avoid replay attacks, research different options carefully and watch for security bugs that have come to light in certain VPN products.






Jenna Phipps
Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.

Top Articles

Huge List Of Texting and Online Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How To Create A Desktop Shortcut To A Website

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

The History Of Windows Operating Systems

Microsoft Windows is a family of operating systems. We look at the history of Microsoft's Windows operating systems (Windows OS) from 1985 to present...

Hotmail [Outlook] Email Accounts

  By Vangie Beal Hotmail is one of the first public webmail services that can be accessed from any web browser. Prior to Hotmail and its...

Supply Chain Definition &...

A supply chain is a network between an organization and its suppliers to...

Relational Database Definition &...

A relational database stores and connects data in tables and columns, emphasizing the...

Common Business-Oriented Language (COBOL)...

What is COBOL? COBOL stands for Common Business-Oriented Language. It is a 60-year-old programming...