Active v Passive Attacks
========================

Base Definitions
----------------

Passive: compromising a system but not necessarily doing anything apart
from *watching*

Active: compromising a system while doing something to the system apart
from infiltrating it

Loosely speaking
----------------

*Passive* can be just like listening in on a conversation (eavesdropping)
where *active* is like jumping into the conversation and trying to do
something to it.

When/How would either happen?
-----------------------------

If the result of an attack is to actually trigger some code to run, then
usually we need to first gather the information required to understand
how to make that happen. The reasoning is straightforward: if you don't
know how some system works then it's much harder to exploit that system.

Random example: Using a keylogger to log keystrokes before sending those
logs to a server for processing could be a passive attack, since you're
still in a *gathering data* sort of mode. Finally, using that data to
try logging into some service would be the active portion of a
full-scale attack.