
Active or Passive Attack

Active attacks in cybersecurity involve direct actions by an attacker to alter, destroy, or disrupt a system or network, with types including masquerade, modification of messages, repudiation, replay, and denial of service. In contrast, passive attacks focus on eavesdropping or monitoring without affecting system resources, with examples such as the release of message content and traffic analysis. The key differences between the two types of attacks include the impact on data integrity and availability, detection awareness, and system resource changes.

Uploaded by

arindamghorui03

Active attacks:

Active attacks are a type of cyber security attack in which an attacker attempts to alter, destroy,
or disrupt the normal operation of a system or network. Active attacks involve the attacker
taking direct action against the target system or network, and can be more dangerous than
passive attacks, which involve simply monitoring or eavesdropping on a system or network.
Types of active attacks are as follows:
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service
Masquerade –
Masquerade is a type of cyber security attack in which an attacker pretends to be someone else in
order to gain access to systems or data. This can involve impersonating a legitimate user or
system to trick other users or systems into providing sensitive information or granting access to
restricted areas.
There are several types of masquerade attacks, including:
• Username and password masquerade: In a username and password masquerade attack, an
  attacker uses stolen or forged credentials to log into a system or application as a legitimate
  user.
• IP address masquerade: In an IP address masquerade attack, an attacker spoofs or forges
  their IP address to make it appear as though they are accessing a system or application from
  a trusted source.
• Website masquerade: In a website masquerade attack, an attacker creates a fake website that
  appears to be legitimate in order to trick users into providing sensitive information or
  downloading malware.
• Email masquerade: In an email masquerade attack, an attacker sends an email that appears to
  be from a trusted source, such as a bank or government agency, in order to trick the
  recipient into providing sensitive information or downloading malware.

Figure: Masquerade attack
Modification of messages –
Modification of messages means that some portion of a legitimate message is altered, or that the
message is delayed or reordered, to produce an unauthorized effect. Modification is an attack on
the integrity of the original data: unauthorized parties not only gain access to the data but also
spoof it, for example by altering transmitted data packets or by flooding the network with fake
data, which can trigger denial of service. Manufacturing is an attack on authentication. For
example, a message meaning “Allow JOHN to read confidential file X” is modified to read “Allow
Smith to read confidential file X”.

Figure: Modification of messages

Repudiation –
Repudiation attacks are a type of cyber security attack in which an attacker attempts to deny or
repudiate actions that they have taken, such as making a transaction or sending a message.
These attacks can be a serious problem because they can make it difficult to track down the
source of the attack or determine who is responsible for a particular action.
There are several types of repudiation attacks, including:
• Message repudiation attacks: In a message repudiation attack, an attacker sends a message
  and then later denies having sent it. This can be done by using spoofed or falsified headers or
  by exploiting vulnerabilities in the messaging system.
• Transaction repudiation attacks: In a transaction repudiation attack, an attacker makes a
  transaction, such as a financial transaction, and then later denies having made it. This can be
  done by exploiting vulnerabilities in the transaction processing system or by using stolen or
  falsified credentials.
• Data repudiation attacks: In a data repudiation attack, an attacker modifies or deletes data and
  then later denies having done so. This can be done by exploiting vulnerabilities in the data
  storage system or by using stolen or falsified credentials.
Replay –
Replay involves the passive capture of a message and its subsequent retransmission to produce an
unauthorized effect. In this attack, the attacker's basic aim is to save a copy of data that was
originally sent over the network and to reuse it later for their own purposes. Once the data has
been corrupted or leaked, it is insecure and unsafe for its users.

Figure: Replay
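
The following is an added example, not part of the original document, showing one way a receiver can detect both the message modification and the replay described above: each message carries an HMAC tag and a strictly increasing sequence number. The key, the JSON framing, the `seal` and `Receiver` names, and the "file Y" message are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os

KEY = os.urandom(32)  # constructed shared secret, known to sender and receiver


def seal(key, seq, body):
    """Sender side: bind a sequence number to the body and compute an HMAC tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, payload, tag):
        # Integrity check first: any altered byte changes the expected tag.
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: modified"
        # Freshness check: a captured message, resent later, carries an old number.
        seq = json.loads(payload)["seq"]
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo():
    rx = Receiver(KEY)
    payload, tag = seal(KEY, 1, "Allow JOHN to read confidential file X")
    results = [rx.accept(payload, tag)]
    # Modification: the name is changed in transit, the tag no longer matches.
    results.append(rx.accept(payload.replace(b"JOHN", b"Smith"), tag))
    # Replay: the untouched message and its valid tag are sent a second time.
    results.append(rx.accept(payload, tag))
    # The next genuine message (constructed) uses a fresh sequence number.
    results.append(rx.accept(*seal(KEY, 2, "Allow JOHN to read confidential file Y")))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is covered by the tag, it cannot be rewritten to make an old message look new, and the same check rejects messages that arrive delayed behind newer ones.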

Denial of Service –
Denial of Service (DoS) is a type of cyber security attack that is designed to make a system or
network unavailable to its intended users by overwhelming it with traffic or requests. In a DoS
attack, an attacker floods a target system or network with traffic or requests in order to consume
its resources, such as bandwidth, CPU cycles, or memory, and prevent legitimate users from
accessing it.
There are several types of DoS attacks, including:
• Flood attacks: In a flood attack, an attacker sends a large number of packets or requests to a
  target system or network in order to overwhelm its resources.
• Amplification attacks: In an amplification attack, an attacker uses a third-party system or
  network to amplify their attack traffic and direct it towards the target system or network,
  making the attack more effective.
To prevent DoS attacks, organizations can implement several measures, such as:
1. Using firewalls and intrusion detection systems to monitor network traffic and block suspicious
   activity.
2. Limiting the number of requests or connections that can be made to a system or network.
3. Using load balancers and distributed systems to distribute traffic across multiple servers or
   networks.
4. Implementing network segmentation and access controls to limit the impact of a DoS attack.

Figure: Denial of Service
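
As an added illustration of measure 2 above (not part of the original document), the sketch below limits requests per client with a token bucket. The class name, the rate and burst values, and the client addresses are assumptions; time is passed in explicitly so the behaviour is reproducible.

```python
class PerClientLimiter:
    """Token bucket per client: `rate` requests/second sustained, `burst` at once."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        # client -> (tokens left, time of last request). A real deployment must
        # evict idle entries, or a flood from many sources exhausts this table.
        self.state = {}

    def allow(self, client, now):
        tokens, last = self.state.get(client, (float(self.burst), now))
        # Refill for the time elapsed since this client's last request, capped at burst.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0  # spend one token for the admitted request
        self.state[client] = (tokens, now)
        return allowed


def simulate():
    limiter = PerClientLimiter(rate=1.0, burst=5)
    # Constructed traffic: one client sends 100 requests within one second,
    # another sends one request per second for ten seconds.
    flood = sum(limiter.allow("198.51.100.7", i / 100) for i in range(100))
    normal = sum(limiter.allow("203.0.113.20", float(i)) for i in range(10))
    return flood, normal


if __name__ == "__main__":
    admitted_flood, admitted_normal = simulate()
    print("flooding client admitted:", admitted_flood, "of 100")
    print("normal client admitted:", admitted_normal, "of 10")
```

The flooding client is cut off after its initial burst while the well-behaved client is never refused, which is the property a per-client limit is meant to give.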

Passive attacks:

A passive attack attempts to learn or make use of information from the system
but does not affect system resources. Passive attacks are in the nature of eavesdropping on or
monitoring transmission. The goal of the opponent is to obtain information that is being
transmitted. Passive attacks involve an attacker passively monitoring or collecting data without
altering or destroying it. Examples of passive attacks include eavesdropping, where an attacker
listens in on network traffic to collect sensitive information, and sniffing, where an attacker
captures and analyzes data packets to steal sensitive information.
Types of passive attacks are as follows:
• The release of message content
• Traffic analysis
The release of message content –
A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from learning the contents of these
transmissions.

Figure: Passive attack

Traffic analysis –
Suppose that we had a way of masking the contents of messages (encryption), so that an attacker,
even after capturing a message, could not extract any information from it.
The opponent could still determine the location and identity of the communicating hosts and could
observe the frequency and length of the messages being exchanged. This information might be useful
in guessing the nature of the communication that was taking place.
The most useful protection against traffic analysis is encryption of SIP traffic. With the traffic
encrypted, an attacker would have to access the SIP proxy (or its call log) to determine who made
the call.

Figure: Traffic analysis
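
The added example below, which is not part of the original document, shows what remains visible once contents are encrypted, and what padding to a fixed bucket size does and does not hide. The capture records, the 28-byte encryption overhead and the 256-byte bucket are constructed assumptions; no real traffic or cipher is involved.

```python
from collections import defaultdict

OVERHEAD = 28  # assumed per-message overhead of an AEAD cipher (nonce + tag)
BUCKET = 256   # assumed padding bucket size in bytes

# Constructed capture: (time in s, source, destination, plaintext length).
# The plaintext itself is never visible to the observer, only its size on the wire.
MESSAGES = [
    (0.0, "10.0.0.5", "10.0.0.9", 412),
    (0.4, "10.0.0.9", "10.0.0.5", 38),
    (9.7, "10.0.0.5", "10.0.0.9", 23),
    (60.0, "10.0.0.5", "10.0.0.9", 415),
]


def wire_length(plain_len, pad):
    """Bytes on the wire for one encrypted message."""
    if pad:
        # Reserve 2 bytes for the true length, then round up to a full bucket.
        plain_len = -(-(plain_len + 2) // BUCKET) * BUCKET
    return plain_len + OVERHEAD


def observer_view(messages, pad):
    """Metadata an eavesdropper still sees: who talks to whom, how often, how much."""
    view = defaultdict(lambda: {"count": 0, "lengths": set()})
    for _, src, dst, plain_len in messages:
        flow = view[(src, dst)]
        flow["count"] += 1
        flow["lengths"].add(wire_length(plain_len, pad))
    return dict(view)


if __name__ == "__main__":
    for pad in (False, True):
        print("padded" if pad else "unpadded", observer_view(MESSAGES, pad))
```

Padding collapses the three distinct message sizes in one direction into two, but the endpoints and the message counts are unchanged, so length hiding alone does not conceal who is communicating or how often.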
Difference between Active Attack and Passive Attack:

| Active Attack | Passive Attack |
|---|---|
| In an active attack, modification in information takes place. | While in a passive attack, modification in the information does not take place. |
| Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality. |
| In an active attack, attention is on prevention. | While in a passive attack, attention is on detection. |
| Due to active attacks, the execution system is always damaged. | While due to a passive attack, there is no harm to the system. |
| In an active attack, the victim gets informed about the attack. | While in a passive attack, the victim does not get informed about the attack. |
| In an active attack, system resources can be changed. | While in a passive attack, system resources are not changing. |
| Active attack influences the services of the system. | While in a passive attack, information and messages in the system or network are acquired. |
