
A malicious insider in a sensor network may sabotage the network at any level of operation. While most prior work on network-layer security has focused on providing control plane integrity (specifically, routing correctness), we approach a complementary and equally important problem: data plane reliability. In a data plane attack, the attacker does not attack the routing control logic, but instead directly manipulates the data payloads flowing on the network to cause disruption. We reduce the general problem of data-plane manipulation attacks to two specific attacks, packet dropping and packet injection, and propose two complementary protocols to address the problem as a whole. We address packet dropping with a probabilistic probing protocol that can bound the end-to-end drop rate below a fixed threshold for a given path in the presence of multiple adversarial nodes and natural packet loss. We address packet injection with a rate-limiting mechanism based on per-epoch audit to detect nodes that exceed their allotted data origination rates. In both protocols, an adversary can misbehave by at most a fixed amount in expectation before it is detected; after detection, one of the links under its control will be removed. Hence, the total amount of misbehavior (packet injection or dropping) an adversary can inflict is a constant regardless of the lifetime of the network.
FOS: Computer and information sciences, 80303 Computer System Security
