Passive attacks are characterized by techniques of observation. The intention of a passive attack is to gain network information before launching an active attack. These passive attacks can lead to actual active attacks or intrusions/penetrations into an organization’s network. By probing the network, the intruder obtains information that can be used to target a particular system or set of systems during an actual attack. Three examples of passive attacks are network analysis, traffic analysis, and eavesdropping.
Network analysis
The computer traffic across a network can be analyzed to create a map of the hosts and routers. Common tools such as HP OpenView or OpenNMS are useful for creating network maps. The objective of network analysis is to create a complete profile of the network infrastructure prior to launching an active attack. Computers transmit large numbers of requests that other computers on the network will observe. Simple maps can be created with no more than the observed traffic or responses from a series of ping commands. The network ping command provides a simple communications test between two devices by sending a single request, also known as a ping. The concept of creating maps by using network analysis is commonly referred to as painting or footprinting.
Host traffic analysis
Traffic analysis is used to identify systems of particular interest. The communication between host computers can be monitored by the activity level and number of service requests. Host traffic analysis is an easy method used to identify servers on the network. Specific details on the host computer can be determined by using a fingerprinting tool such as Nmap. The Nmap utility is active software that sends a series of special commands, each command unique to a particular operating system type and version. For example, a Unix system will not respond to a NetBIOS type 137 request. However, a computer running Microsoft Windows will answer. The exact operating system of the computer can usually be identified with only seven or eight simple service requests. Host traffic analysis will provide clues to a system even if all other communication traffic is encrypted. This is an excellent tool for tracking down a rogue IP address. The Nmap utility provides information as to whether the destination address is a Unix computer, Macintosh computer, computer running Windows, or something else like an HP printer. This fingerprinting technique is also popular with hackers for the same reason.
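The following is an added example, not taken from the study guide or the original post, showing host traffic analysis used for defensive inventory: it counts distinct clients per destination service from flow metadata alone (no payload, so encryption does not matter) and flags server-like hosts missing from an approved list. The flow records, the addresses, the `KNOWN_SERVERS` inventory and the three-client threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (source, destination, destination port).
# Only metadata is used, so the analysis is unaffected by payload encryption.
FLOWS = [
    ("10.0.0.11", "10.0.0.5", 443),
    ("10.0.0.12", "10.0.0.5", 443),
    ("10.0.0.13", "10.0.0.5", 443),
    ("10.0.0.11", "10.0.0.6", 25),
    ("10.0.0.12", "10.0.0.6", 25),
    ("10.0.0.13", "10.0.0.6", 25),
    ("10.0.0.11", "10.0.0.77", 8443),
    ("10.0.0.12", "10.0.0.77", 8443),
    ("10.0.0.13", "10.0.0.77", 8443),
    ("10.0.0.5", "10.0.0.11", 51544),  # single reply-style flow, not a service
    ("10.0.0.11", "10.0.0.12", 445),   # one client only, below the threshold
]

# Hypothetical asset inventory of approved servers (assumption for this example).
KNOWN_SERVERS = {"10.0.0.5", "10.0.0.6"}


def service_clients(flows):
    """Map each (destination, port) pair to its number of distinct clients."""
    clients = defaultdict(set)
    for src, dst, port in flows:
        clients[(dst, port)].add(src)
    return {service: len(srcs) for service, srcs in clients.items()}


def likely_servers(flows, min_clients=3):
    """Hosts that receive requests from at least min_clients sources on one port."""
    counts = service_clients(flows)
    return sorted({dst for (dst, _port), n in counts.items() if n >= min_clients})


def rogue_servers(flows, known, min_clients=3):
    """Server-like hosts that do not appear in the approved inventory."""
    return [host for host in likely_servers(flows, min_clients) if host not in known]


if __name__ == "__main__":
    print("server-like hosts:", likely_servers(FLOWS))
    print("not in inventory: ", rogue_servers(FLOWS, KNOWN_SERVERS))
```
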
Eavesdropping
Eavesdropping is the traditional method of spying with the intent to gather information. The term originated from a person spying on others while listening under the roof eaves of a house. Computer network analysis is a type of eavesdropping. Other methods include capturing a hidden copy of files or copying messages as they traverse the network. Email messages and instant messaging are notoriously vulnerable to eavesdropping because of their insecure design. Computer login IDs, passwords, and user keystrokes can be captured by using eavesdropping tools. Encrypted messages can be captured by eavesdropping with the intention of breaking the encryption at a later date. The message can be read later, after the encryption is compromised. Eavesdropping helped the Allies crack the secret code of radio messages sent using the German Enigma machine in World War II. Network sniffers are excellent tools for capturing communications traveling across the network.
Taken from:
- CISA® Study Guide Second Edition (chapter 7) by David L. Cannon
- CISA Review Manual 2007
February 3rd, 2011
sahlan