What is a "pre-play" attack?
Computer-Related Risks by Peter G. Neumann classes preplay attacks as part of the "Playback attacks" category of risks and defines it as "preplay of a not-yet used message", to help understand this a little more I have included two real world examples.
Web Application example; I would argue that a CSFR (Cross-site request forgery) attack is a form of preplay as you do not have to capture the user’s traffic, but instead are using their own session to play a valid sequence of activity.
Kerberos example; An example of this would be if the attacker were able to compute a valid response to a kerberos challenge and send the expected reply before the real user. This could result in the attacker gaining access to the server within the context of the valid user’s rights.
So a pre-play attack is where an attacker is able to guess or compute a valid response to and send the reply before the valid user can. It is different to a replay attack, where the attacker would capture the whole challenge and be able to replay at a later stage.