Event ID 4961 - IPsec dropped an inbound packet that failed a replay check.
|Description||IPsec dropped an inbound packet that failed a replay check due to a possible replay attack.|
This log data gives the following information:
- Remote network address
- Inbound SA SPI
Reasons to monitor this event:
It could indicate a replay attack against the computer.
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all IPsec negotiation failures, helping you meet your security, operational, and compliance needs with absolute ease.
Event 4961 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10