Use replay detection to protect against message replay attacks
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
A replay attack occurs when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties. Unless the attack is mitigated, the computers subject to it will process the stream as legitimate messages, resulting in a range of harmful consequences, such as redundant orders of an item.
To enable replay detection in the service:
- Create a <customBinding> element.
- Create a <security> element.
- Create a <localClientSettings> element or a <localServiceSettings> element.
- Set the following attribute values, as appropriate: detectReplays, maxClockSkew, replayWindow, and replayCacheSize. The following example sets the attributes of both a <localServiceSettings> and a <localClientSettings> element:
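
A configuration that follows the steps above, given as an added example that is not from the original guideline. The binding name, the authentication mode, the encoding and transport elements, and every attribute value are illustrative assumptions.

```xml
<!-- Added example. Binding name, authenticationMode, encoding/transport
     elements and all attribute values are illustrative assumptions. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="ReplayDetectionBinding">
        <security authenticationMode="Kerberos">
          <!-- Applied when the binding is used on the client side.
               detectReplays:   turn replay detection on
               maxClockSkew:    largest clock difference tolerated
                                between sender and receiver
               replayWindow:    how long a message nonce stays valid
                                and is remembered
               replayCacheSize: number of nonces kept for comparison -->
          <localClientSettings
              detectReplays="true"
              maxClockSkew="00:05:00"
              replayWindow="00:05:00"
              replayCacheSize="900000" />
          <!-- Same attributes, applied when the binding is used
               on the service side. -->
          <localServiceSettings
              detectReplays="true"
              maxClockSkew="00:05:00"
              replayWindow="00:05:00"
              replayCacheSize="900000" />
        </security>
        <textMessageEncoding />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
</system.serviceModel>
```

Keep maxClockSkew and replayWindow as small as clock synchronisation between the hosts allows, because both lengthen the time during which a captured message is still accepted, and size replayCacheSize for the number of messages expected within that window.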