Passive reconnaissance definition
In cybersecurity, passive reconnaissance collects information about the target network, system, or organization without directly interacting with the system, for instance, without sending any packets to the target. This method relies on information that is publicly available or that can be gathered without alerting users and system administrators.
See also: reconnaissance
Common passive reconnaissance use cases:
- Network and traffic analysis: First, attackers intercept and analyze network traffic, usually traffic that is broadcast or leaked from the system. Later, they infer network structures, active machines, and communication patterns. Attackers achieve all this without sending any packets to the network.
- Gathering freely available information: Attackers collect information from public sources, like social media, websites, and freely available databases, to learn everything about the organization, its structure, infrastructure, and even employee details. All this is done to evaluate the security posture of the potential target.
- System behavior evaluation: Attackers monitor the system from a distance to evaluate the behavior of its applications, noting the details of error messages, various page structures, and even network protocols. The goal is to identify system vulnerabilities without active system probing or scanning.