Retry Detection

To minimize the potential for replay attacks, the DA controller needs to support retry detection. This involves remembering source UDP port and RADIUS packet identifier pairs that have been received on a per DA Initiator basis. This information needs to be remembered for a reasonable period of time so that an attacker resending an identical frame to the DA controller does not cause undue harm to the switch. This functionality used in conjunction with the Event-Timestamp attribute limits the validity of replay attacks.