Passive and Active attacks


What are Passive attacks

It is common knowledge that when using an untrusted network, such as one in an Internet café, your communication with the gateway (i.e. a router or access point) must always be treated as untrustworthy.
The methods available for intercepting users' traffic using a Man-in-the-Middle attack in order to initiate a Passive attack have already been widely discussed.  
For instance, an attacker sets up an access point with the same network name and MAC address as a genuine one. This gives the attacker complete control over the communication of everyone who mistakenly uses the rogue network instead of the genuine one. This attack is described in the book "Wireless Hacking: Breaking Through" [ii].
Although Passive attacks work well and constitute a serious risk when using a public network, users can protect themselves by following a few general security guidelines, such as:
1. Use SSL as much as possible:
• Avoid logging in to any non-SSL sites
• Make sure the site's SSL certificate is valid
2. If you must access a non-SSL site:
• Do not supply sensitive information: credit cards, usernames and passwords.
• Be aware that the integrity of the information you see on such a Web site might have been compromised
• Do not execute applications downloaded from the site
• Do not install software updates, ActiveX controls, browser extensions, etc.
Of course, some of the attack vectors are still valid even if these security guidelines are followed, but the attacker cannot cause much harm, since the user never surfs to any site that deals with sensitive information. 

What are Active attacks
In the Active attack scenario, a malevolent third party manipulates a response within a legitimate session in a way that tricks the client into issuing an unwanted request (unknown to the user) that discloses sensitive information. The attacker can then apply a regular Passive attack on this information. It is important to emphasize that this is made possible by a design flaw, not an implementation error or bug. 
We describe this type of attack as "active" rather than "passive" because of two essential differences in the nature of the attack:
• It is initiated by the attacker rather than the victim 
• The target is entirely controlled by the attacker, rather than being limited by the extent of the victim's browsing activity
