Internet Protocol Security (IPSec) with Authentication Headers (AH) is the most appropriate method for detecting packet injection attacks. The AH protocol provides connectionless integrity and data origin authentication for IP datagrams. It calculates an Integrity Check Value (ICV) over the packet, which allows the receiving device to verify that the packet originated from the trusted source and has not been tampered with or maliciously injected in transit. This directly addresses the administrator's requirement to detect such attacks.

A. IPSec with ESP primarily provides confidentiality through encryption. While it can offer authentication, AH is the protocol specifically designed for integrity and authentication without encryption, making it the most direct answer for detecting packet modification/injection.

B. Point-to-Point Tunneling Protocol (PPTP) is an obsolete and insecure protocol with significant known vulnerabilities and should not be used in modern networks.

C. Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that does not provide any inherent security. It relies on another protocol, typically IPSec, to secure the data it transports.

1. Internet Engineering Task Force (IETF) RFC 4302

"IP Authentication Header":

Section 1 (Introduction): "The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays... Integrity is provided by the use of a Message Authentication Code (MAC)

e.g.

HMAC-SHA-1. Data origin authentication is provided by the same mechanism." This directly supports AH's role in verifying packet integrity and origin

which is essential for detecting injection.

2. Internet Engineering Task Force (IETF) RFC 4301

"Security Architecture for the Internet Protocol":

Section 4.1 (Security Services): "AH provides data origin authentication and connectionless integrity for IP datagrams (hereafter referred to as 'authentication')." This document

which defines the overall IPSec architecture

clearly designates AH as the protocol for authentication and integrity services.

3. Stallings

W. (2017). Cryptography and Network Security: Principles and Practice (7th ed.). Pearson.

Chapter 20

Section 20.1 "IPsec Services": This academic textbook

widely used in university curricula

explains that "The Authentication Header (AH) provides support for data integrity and authentication of IP packets... The authentication service confirms that the message was not modified during transmission." This confirms AH's primary function aligns with the question's requirement.