Written by Melantha Matthews, edited by M.S. Smith, updated 1/27/2011
This article takes a brief look at passive vs. active network security attacks. It deals with the differences and gives examples of commonly used exploits. This article is not intended to be a tutorial on network attacks but only a discussion on the topic of network security.
It wouldn’t be prudent to introduce the topic of passive vs. active network security attacks without first giving an introduction to basic networking. Those who have previous network or network security experience can skip this part and read ahead. Those without any prior networking experience should keep reading.
How Networks Work
A network is comprised of two or more nodes, or computers. They are connected to each other via a wired or wireless connection. The protocol that supports the exchange of data between them is called “IP", or Internet Protocol. While an Intranet uses this same protocol, connectivity is limited to the computers within the Intranet: it uses an internal connection to exchange data over IP. Computers outside of an Intranet are set up to transmit data back and forth over an external (or Internet) connection. Confused yet? Here’s an example…
Intranet = (My Computer #1 <==> My Computer #2)
An Intranet does not allow you to connect to websites like Facebook or watch those cool videos on YouTube. On the other hand, an external Internet connection allows you to connect both to the computers on the Intranet and to websites, which makes the network prone to network security attacks. Data packets are sent between your computer and an outside server. Your computer accepts the packets and reassembles them, and the server does the same in the other direction. The result is then presented to the user in a way that humans can interpret.
Internet = (My Computer #1) <==ISP==> (YouTube)
Now you should have an understanding of how data is sent over the wire. Let’s review passive attacks. When you’re on the Internet, most places you visit will ask you to sign up to use their website or to sign in to it. If this information is intercepted by a packet sniffer, the captured packets can be reviewed later for passwords, usernames and other interesting tidbits. If you are using a network in a college or business setting, that’s a lot of data being sent, which increases the likelihood of an attacker finding useful information. Larger networks also contain security flaws. Hence, these networks are better targets for network security attacks, both passive and active.
This is called reconnaissance, and it is considered a passive attack. Passive attacks aren’t really "attacks" at all. War driving is the best example of a so-called passive attack: someone parks their car within range of unsecured wireless networks, which allows the attacker to listen to the network and to come back later and infiltrate it with an active attack.
These methods are a way of gathering information on your targets. Whether it is in preparation for an actual attack like a MITM (man-in-the-middle) or a DoS attack, the only thing you’re really doing is listening or looking for vulnerabilities. Once an attacker has gathered enough information about the target, he or she is ready to execute an active attack, and that is when it becomes a risk to network security. Corporations, in particular, want to patch these holes before a network security attack can be performed.
Active attacks are much more interesting to execute than passive attacks. DoS (denial of service) attacks, for example, occur when an attacker floods a network with packets. The server becomes completely occupied processing the incoming packets, to the point that it can no longer handle legitimate traffic. The server is flooded and eventually freezes. MITM attacks are typically carried out to capture data packets intended for other computers. This is executed by first employing a DoS attack and then spoofing the intended recipient’s IP address. The server sees the MITM as the friendly computer and relays traffic intended for the friendly computer to the MITM. It looks like this:
Regular transmission: Some Corp (192.168.2.3) <==data==> Friendly (192.168.2.10)
MITM transmission: Some Corp (10.10.2.3) <==intercepted data==> MITM (real IP 192.168.2.5 with spoofed IP 192.168.2.10)
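As an added defender-side example (not code from the original article), here is a small Python check for the two symptoms the diagram implies: one IP address suddenly being sourced from a second hardware address, and one host emitting far more frames per second than its neighbours. The frame records, MAC addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed frame records for the 192.168.2.0/24 segment in the diagram:
# (timestamp in ms, source MAC, source IP). The MAC addresses are invented.
MAC_FRIENDLY = "aa:aa:aa:00:00:0a"   # hypothetical hardware address of Friendly
MAC_MITM = "aa:aa:aa:00:00:05"       # hypothetical hardware address of the MITM host

FRAMES = [
    (0, MAC_FRIENDLY, "192.168.2.10"),      # Friendly talking normally
    (500, MAC_FRIENDLY, "192.168.2.10"),
    (1000, MAC_MITM, "192.168.2.5"),        # MITM host under its real address
    (1200, MAC_MITM, "192.168.2.10"),       # MITM host now claiming Friendly's IP
    (1300, MAC_MITM, "192.168.2.10"),
]
# A burst of 300 frames in 1.5 s from the MITM host's real address (the flood).
FRAMES += [(2000 + i * 5, MAC_MITM, "192.168.2.5") for i in range(300)]


def ip_mac_conflicts(frames):
    """Map each IP seen behind more than one hardware address to the sorted
    list of those addresses; a classic sign of an address being spoofed."""
    seen = defaultdict(set)
    for _, mac, ip in frames:
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def flood_sources(frames, threshold=100, window_ms=1000):
    """Map each source IP whose peak frame count in any window exceeds
    threshold to that peak count; a simple volumetric-flood indicator."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, _, ip in frames:
        counts[ip][ts // window_ms] += 1
    peaks = {ip: max(buckets.values()) for ip, buckets in counts.items()}
    return {ip: peak for ip, peak in peaks.items() if peak > threshold}


if __name__ == "__main__":
    print("IPs sourced from more than one MAC:", ip_mac_conflicts(FRAMES))
    print("Sources exceeding 100 frames/second:", flood_sources(FRAMES))
```

On real traffic the same two checks would be fed from a switch's port mirror or a sniffer's capture rather than a hard-coded list.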
Of course this type of network security attack is extensive, but the actual method is outside the scope of this topic. The complexity of this attack depends on who the intended victim is.
Hopefully, this has enlightened the curious and uninformed. Furthermore, depending on the context in which certain methods are employed, simple reconnaissance can easily turn into an active network security attack. These activities can go from being legal to very illegal, so use caution. If you are interested in studying network security and network security attacks, do it in a controlled environment. Be safe and happy computing!