Connected: An Internet Encyclopedia
6.3.5. Message Timeliness Mechanism

Up: RFC 1446

6.3.5. Message Timeliness Mechanism


The definition of the SNMPv2 security protocols requires that, if the authentication timestamp value on a received message - augmented by an administratively chosen lifetime value - is less than the local notion of the clock for the originating SNMPv2 party, the message is not delivered.

        if (timestampOfReceivedMsg +
               party->administrativeLifetime <=
               party->localNotionOfClock) {
               msgIsValidated = FALSE;
        }

By virtue of this mechanism, the protocols realize goal 3. In cases in which the local notions of a particular SNMPv2 party clock are moderately well-synchronized, the timeliness mechanism effectively limits the age of validly delivered messages. Thus, if an attacker diverts all validated messages for replay much later, the delay introduced by this attack is limited to a period that is proportional to the skew among local notions of the party clock.
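The check above and the skew bound from the preceding paragraph, as an added example that is not part of RFC 1446. It assumes clocks and lifetimes are unsigned 32-bit second counts; the struct layout, function names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout; field names follow the fragment above. */
struct party {
    uint32_t administrativeLifetime; /* seconds a message stays acceptable */
    uint32_t localNotionOfClock;     /* receiver's view of the sender's clock */
};

/* Same comparison as the fragment above. The sum is formed in 64 bits so a
 * timestamp near UINT32_MAX cannot wrap and make a fresh message look stale. */
bool msg_is_timely(const struct party *p, uint32_t timestampOfReceivedMsg)
{
    uint64_t expiry = (uint64_t)timestampOfReceivedMsg + p->administrativeLifetime;
    return expiry > p->localNotionOfClock;
}

/* Longest delivery delay (seconds) still accepted for a message stamped at
 * sender time `sent`, when the receiver's notion of the clock lags the sender
 * by `lag` seconds (caller keeps sent >= lag). Returns -1 if never accepted. */
int64_t longest_accepted_delay(uint32_t lifetime, uint32_t sent, uint32_t lag)
{
    struct party p = { lifetime, 0 };
    uint64_t limit = (uint64_t)lifetime + lag;
    int64_t last = -1;
    for (uint64_t delay = 0; delay <= limit; delay++) {
        uint64_t local = (uint64_t)sent - lag + delay;
        if (local > UINT32_MAX)
            break;                      /* clock cannot exceed its maximum */
        p.localNotionOfClock = (uint32_t)local;
        if (msg_is_timely(&p, sent))
            last = (int64_t)delay;
    }
    return last;
}

int main(void)
{
    /* Constructed values: lifetime 300 s, message stamped at 1000. */
    uint32_t lags[] = { 0, 60, 600 };
    for (size_t i = 0; i < sizeof lags / sizeof lags[0]; i++)
        printf("lag %4u s -> replay accepted up to %lld s late\n",
               (unsigned)lags[i],
               (long long)longest_accepted_delay(300, 1000, lags[i]));
    return 0;
}
```

The accepted replay delay grows one-for-one with the receiver's lag, so the lifetime alone bounds message age only when the local notions of the clock are kept synchronized.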

