Back to Security Pattern Catalog

Message Replay Detection

Classification Key : Perimeter Security, Spoofing


How do you protect a service from an attacker who replays an intercepted message?


Cache an identifier for incoming messages, and use message replay detection to identify and reject messages that match an entry in the replay detection cache. Message replay detection requires that individual messages can be uniquely identified. This ensures that a legitimate message is not rejected because of a match in the replay detection cache. Message replay detection also requires that messages have not been tampered with in transit. This ensures that the replay detection cache does not accept messages that have been captured and modified by an attacker.

Known Uses

A message cache for detecting message replay to thwart an impersonation attack.

Related Patterns

Intercepting Validator


Microsoft Book




Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz