In this chapter we have described sequence numbers between a sender and receiver as a way to protect a communication stream against substitution and replay attacks. Describe a situation in which an attacker can substitute or replay in spite of sequence numbers. For which type of sequence numbering—one general stream of sequence numbers or a separate stream for each pair of communicators—is this attack effective?
What will be an ideal response?
The attacker takes a message from one session, containing sequence number x, and attempts to insert or replay it in another session, assuming that sequence number x will also be valid in the new session. This kind of attack only works against the separate stream for each pair of communicators, assuming the messages do not contain a session ID.