The most common types of attacks:
1. Passive Attacks
Passive attacks are those in which the attacker does not alter or interfere with the
data being transmitted or the system in any direct way. The main goal of passive
attacks is typically to monitor, intercept, or eavesdrop on the communication or
data. These attacks are harder to detect because they don't change anything in the
system or data.
Common Passive Attacks:
Eavesdropping (Sniffing): The attacker listens to and captures network traffic
to gather sensitive information, such as login credentials or credit card
numbers. This is typically done using packet-sniffing tools (e.g., Wireshark).
Traffic Analysis: The attacker analyzes patterns of traffic between parties to
infer sensitive information, even without decoding the actual content (e.g.,
identifying the type of service being accessed or the volume of sensitive
data being transmitted).
Shoulder Surfing: This involves watching someone directly (or from a
distance) to gather sensitive information, like PIN numbers or passwords,
from their computer or phone screen.
Man-in-the-Middle (MitM) - Passive: In a passive MitM attack, the attacker
simply intercepts the communication between two parties without altering
it. The attacker silently collects data being sent between them.
Goal: In passive attacks, attackers are often gathering information for later use,
such as stealing passwords, credit card numbers, or corporate secrets.
Detection: These attacks are hard to detect because they don't modify any data.
Monitoring network traffic or using encryption can help mitigate the risk.
2. Active Attacks
Active attacks are those in which the attacker actively interferes with the system,
modifies the data being transmitted, or tries to cause some kind of harm to the
system or data integrity. Active attacks are more noticeable because they usually
result in some form of disruption or damage.
Common Active Attacks:
Denial of Service (DoS): An attacker overwhelms a system with traffic or
requests, making it unavailable to legitimate users. In a Distributed Denial of
Service (DDoS) attack, the attacker uses multiple systems to flood the
target.
Man-in-the-Middle (MitM) - Active: The attacker intercepts and potentially
alters the communication between two parties. They could change the data
being sent, inject malicious content, or impersonate one of the parties.
SQL Injection: An attacker inserts malicious SQL code into an input field to
manipulate a database or retrieve unauthorized information.
Phishing: The attacker impersonates a legitimate entity, often via email, to
trick the victim into providing sensitive information (e.g., login credentials or
financial details).
Ransomware: The attacker encrypts the victim's files and demands a
ransom for the decryption key, often locking the victim out of their system.
Spoofing: The attacker falsifies data, such as sending fraudulent emails or
pretending to be a trusted source to deceive the victim into taking action.
Key Differences Between Passive and Active Attacks:
Criteria               | Passive Attacks                                    | Active Attacks
-----------------------|----------------------------------------------------|-------------------------------------------------------
Interference with Data | No modification of data                            | Data is modified or interfered with
Visibility             | Hard to detect, as no change is made               | Easier to detect due to visible disruptions
Goals                  | Monitoring, eavesdropping, data gathering          | Disruption, data theft, system manipulation
Examples               | Eavesdropping, traffic analysis, shoulder surfing  | Denial of Service, phishing, ransomware, SQL injection
Impact                 | Typically, long-term data collection or monitoring | Immediate system disruptions or data compromise
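As an added example (not part of the original page), the following Python script illustrates the two detection points above on constructed flow records: the traffic-analysis function recovers which services each host uses from destination ports and byte counts alone, which encryption does not hide, while the flood detector flags the kind of visible connection burst a DoS produces. All addresses, the port-to-service mapping and the thresholds are assumptions chosen for the example.

```python
from collections import Counter

# Constructed flow records (not from the page): one entry per connection,
# holding only the metadata that stays visible when the payload is encrypted.
FLOWS = [
    {"t": 0.0, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "bytes": 1200},
    {"t": 0.5, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443, "bytes": 48000},
    {"t": 1.0, "src": "10.0.0.7", "dst": "203.0.113.20", "dport": 993, "bytes": 2100},
    {"t": 1.2, "src": "10.0.0.7", "dst": "203.0.113.30", "dport": 22, "bytes": 900},
] + [
    # 300 tiny connections in three seconds from one source: the visible burst
    {"t": 2.0 + i * 0.01, "src": "198.51.100.9", "dst": "203.0.113.10", "dport": 443, "bytes": 60}
    for i in range(300)
]

# Assumed port-to-service mapping used by the passive analysis.
PORT_SERVICE = {443: "HTTPS", 993: "IMAPS", 22: "SSH"}


def infer_services(flows):
    """Passive traffic analysis: total bytes per (source, service), using only
    the destination port and size, never the payload. This is what an
    eavesdropper still learns when the content itself is encrypted."""
    totals = Counter()
    for f in flows:
        service = PORT_SERVICE.get(f["dport"], f"port {f['dport']}")
        totals[(f["src"], service)] += f["bytes"]
    return dict(totals)


def detect_flood(flows, window=1.0, threshold=100):
    """Active-attack detection: flag any (source, destination) pair that opens
    more than `threshold` connections within any `window`-second span.
    Uses a sliding window over flows sorted by timestamp."""
    alerts = set()
    recent = {}  # (src, dst) -> timestamps inside the current window
    for f in sorted(flows, key=lambda f: f["t"]):
        key = (f["src"], f["dst"])
        times = recent.setdefault(key, [])
        times.append(f["t"])
        while times and f["t"] - times[0] > window:  # expire old timestamps
            times.pop(0)
        if len(times) > threshold:
            alerts.add(key)
    return sorted(alerts)


if __name__ == "__main__":
    for (src, service), total in sorted(infer_services(FLOWS).items()):
        print(f"{src:14} {service:6} {total:>7} bytes")
    print("flood alerts:", detect_flood(FLOWS))
```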