Passive Attacks & Active Attacks
Passive Attack:
A passive attack attempts to learn or use information from the system but does not affect the system's resources. The opponent's goal is to obtain the information being transmitted without being noticed.
- Eavesdropping attack (Passive):
In a passive eavesdropping attack, the hacker or sniffer program only gathers intel on its target; the data is never altered. Voice-over IP (VoIP) eavesdropping is an example of a passive eavesdropping attack.
- Traffic Analysis:
In this case, the intruder could determine the location and identity of the communicating hosts and could observe the frequency and length of the messages being exchanged. This information might be useful in guessing the nature of the communication that took place.
Active Attack:
An active attack attempts to alter the system's resources or affect its operations. The active attack involves some modification of data streams or the creation of false statements.
- Masquerade:
This attack happens when one entity pretends to be another entity. It involves one of the other forms of active attack.
- Replay Attack:
It involves the passive capture of a message and its subsequent retransmission to produce an authorised effect.
- Modification Attack:
It means that some portion of the message is either altered, or is delayed or recorded, to produce an unauthorised effect. Ex: A message reads “Give John $100” which is modified to “Give Trudy $100”.
- Denial of Service (DoS) Attack:
It prevents the normal use of communication facilities. This attack may have a specific target. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
- Measures are available for active attacks that let us sense that something anomalous is happening.
- It is difficult to prevent active attacks absolutely, because of the diversity of attack styles.
- So, the main goal is to detect active attacks early and to recover from any disruption or delays they cause.
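
One way a receiver can detect the modification and replay attacks described above, as an added example that is not part of the original notes: each message carries a sequence number and an HMAC-SHA256 tag. The shared key, the frame layout and the names `send`, `Receiver` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed shared secret, known only to sender and receiver
HEADER_LEN, TAG_LEN = 8, 32

def send(seq: int, message: bytes, key: bytes = KEY) -> bytes:
    """Build a frame: 8-byte sequence number || 32-byte HMAC tag || message."""
    header = seq.to_bytes(HEADER_LEN, "big")
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + tag + message

class Receiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def receive(self, frame: bytes) -> str:
        if len(frame) < HEADER_LEN + TAG_LEN:
            return "rejected: malformed"
        header = frame[:HEADER_LEN]
        tag = frame[HEADER_LEN:HEADER_LEN + TAG_LEN]
        message = frame[HEADER_LEN + TAG_LEN:]
        # Modification check: the tag covers the sequence number and the message,
        # so changing either one without the key makes the comparison fail.
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified"
        # Replay check: a captured frame still has a valid tag, so the receiver
        # also insists that the sequence number is strictly increasing.
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted: " + message.decode(errors="replace")

def demo() -> list:
    rx = Receiver()
    original = send(1, b"Give John $100")  # constructed sample message
    # Same header and tag, altered body, as in the modification example above.
    tampered = original[:HEADER_LEN + TAG_LEN] + b"Give Trudy $100"
    return [
        rx.receive(original),                    # legitimate message
        rx.receive(tampered),                    # altered in transit
        rx.receive(original),                    # captured frame sent again
        rx.receive(send(2, b"Give John $100")),  # genuine second payment
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The tag alone does not stop a replay, because the captured frame is byte-for-byte valid; it is the receiver's remembered sequence number that exposes it.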