Event ID 4961 - IPsec dropped an inbound packet that failed a replay check.
Description | IPsec dropped an inbound packet that failed a replay check due to a possible replay attack. |
Category | System |
Subcategory | IPSec driver |
This log data gives the following information:
- Remote network address
- Inbound SA SPI
Reasons to monitor this event:
It could indicate a replay attack against the computer.
Pro tip:
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all IPsec negotiation failures, helping you meet your security, operational, and compliance needs with absolute ease.
Event 4961 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools