Which of the following is an example of an active attack?
A. Traffic analysis
B. Scanning
C. Eavesdropping
D. Wiretapping
Explanation:
Scanning is definitely a very active attack. The attacker uses a scanner to perform the attack; the scanner sends a very large quantity of packets to the target in order to elicit responses that allow the attacker to find information about the operating system, vulnerabilities, misconfigurations and more. The packets being sent are sometimes attempting to identify whether a known vulnerability exists on the remote hosts.

A passive attack is usually done in the footprinting phase of an attack. While doing your passive reconnaissance you never send a single packet to the destination target. You gather information from public databases such as the DNS servers, public information through search engines, financial information from finance web sites, and technical information from mailing list archives or job postings, for example.

An attack can be active or passive. An “active attack” attempts to alter system resources or affect their operation. A “passive attack” attempts to learn or make use of information from the system but does not affect system resources. (E.g., see: wiretapping.)

The following are all incorrect answers because they are all passive attacks:

Traffic Analysis – Is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security.

Eavesdropping – Eavesdropping is another security risk posed to networks. Because of the way some networks are built, anything that gets sent out is broadcast to everyone. Under normal circumstances, only the computer that the data was meant for will process that information. However, hackers can set up programs on their computers called “sniffers” that capture all data being broadcast over the network. By carefully examining the data, hackers can often reconstruct real data that was never meant for them. Some of the most damaging things that get sniffed include passwords and credit card information. In the cryptographic context, eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them. Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data. Passive attacks are usually used to gain information prior to carrying out an active attack.

Wiretapping – Wiretapping refers to listening in on electronic communications on telephones, computers, and other devices. Many governments use it as a law enforcement tool, and it is also used in fields like corporate espionage to gain access to privileged information. Depending on where in the world one is, wiretapping may be tightly controlled with laws that are designed to protect privacy rights, or it may be a widely accepted practice with little or no protections for citizens. Several advocacy organizations have been established to help civilians understand these laws in their areas, and to fight illegal wiretapping.

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 6th Edition, Cryptography, Page 865
http://en.wikipedia.org/wiki/Attack_%28computing%29
http://www.wisegeek.com/what-is-wiretapping.htm
https://pangea.stanford.edu/computing/resources/network/security/risks.php
http://en.wikipedia.org/wiki/Traffic_analysis