Quiz Entry - updated: 2026.07.14
What is the difference between a passive and an active attacker?
A passive attacker only observes (eavesdrops) without altering anything; an active attacker modifies, inserts, deletes, or replays messages.
Passive attacker:
- Listens to communication without interfering
- Goal: learn information without being detected
- Attacks: eavesdropping and traffic analysis
- Very hard to detect — the communication itself is unaltered
Active attacker:
- Actively interferes with the communication
- Modifies, inserts, replays, or deletes messages
- Easier to detect (if integrity mechanisms are in place), but more damaging
The 8 attacks classified:
| Type | Attacks |
|---|---|
| Passive | Eavesdropping, Traffic analysis |
| Active | Modifying, Inserting, Replaying, Deleting, Masquerade |
| Insider | Non-repudiation of origin, Non-repudiation of receipt |
Tip: Passive attacks threaten confidentiality; active attacks threaten integrity and authenticity. Both outsiders and insiders can be passive or active.
Go deeper:
Traffic analysis — a purely passive attack that survives encryption.