In addition to the ICV, AH assigns a unique sequence number to each packet. The recipient can thus recognize which packets were intercepted by a third party and resent. Attacks of this type are known as “packet replay“.
Note: AH does not cater for the masking of IPSec tunnels unless additional
measures, such as NAT-Traversal or an outer Layer-2-Tunneling (e.g. PPPT/L2TP),
are used that offer “changeable” IP headers.