csnotes/312/ciphers.md

Active v Passive Attacks

Base Definitions

Passive: compromising a system without necessarily doing anything to it apart from watching.

Active: compromising a system and doing something to it beyond just infiltrating it.

Loosely speaking

A passive attack can be as simple as listening in on a conversation (eavesdropping), whereas an active attack is like jumping into the conversation and trying to do something to it.

When/How would either happen?

If the end result of an attack is to actually trigger some code to run, then usually we first need to gather the information required to understand how to make that happen. The reasoning is straightforward: if you don't know how a system works, it's much harder to exploit it.

Random example: Using a keylogger to log keystrokes before sending those logs to a server for processing could be a passive attack, since you're still in a data-gathering mode. Finally using that data to try logging into some service would be the active portion of a full-scale attack.