Active and Passive Types of Information Gathering

Types of information gathering (also called "methods of data collection"):

1. Active Information Gathering:
Active information gathering involves direct contact between the pen tester and the target. When you actively query systems to obtain information you enter a legally grey area, as most countries prohibit attempts to break into systems without the necessary permission. Thus, if you do not have written permission to test a system (a "get-out-of-jail-free card"), it is not a good idea to perform active querying against it. For example, if you use Nmap to find open ports and applications on a remote system, you are actively interacting with that system in an attempt to find weaknesses, and if you are doing a whois lookup,

2. Passive Information Gathering:
Too many organisations fail to identify the potential threat from information that is unintentionally leaked, freely available over the Internet, and not normally identifiable from standard log file analysis. Most critically, an attacker can gather this information passively, without ever coming into direct contact with the organisation's servers, and is therefore essentially undetectable.

Definition of “Passive”

Before delving into the techniques of Passive Information Gathering, it is important to understand what is meant by the term “passive”. A dictionary provides two relevant definitions:

pas·sive (adj.)

Receiving or subjected to an action without responding or initiating an action in return.
Accepting or submitting without objection or resistance.
From an ethical hacking perspective, the focus is upon identifying information about the organisation under investigation, without the organisation being aware that the information has been accessed.

In the context of this technical whitepaper, "passive" refers to techniques that either do not connect to a system owned or managed by the organisation (so the organisation would be unaware of any such access), access information from the organisation's systems that is commonly available and would not normally be associated with a precursor to a future attack, or use the increasingly numerous online security analysis websites.

This includes non-intrusive techniques such as searching generic Internet resources for information relating to the organisation, and encompasses analysis of data returned during normal interaction with the organisation, for example the banners and other system messages returned when connecting to its web or mail server. However, it does not include intrusive network enumeration phases such as port scanning.
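As an added example (not part of the original whitepaper), the script below shows the kind of passive analysis the paragraph above describes: extracting software names, versions and hostnames from the banners a web server and a mail server hand out during a perfectly normal connection. No scanning is involved; the input is a constructed HTTP response header block and a constructed SMTP greeting embedded in the script, so it runs offline. The header names checked, the product regex and the list of mail server names are assumptions chosen for illustration, not an exhaustive fingerprint database.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample data (not captured from any real host): what a client sees
# when it fetches a page and when it opens an SMTP session. Both are normal
# interactions, so inspecting them is "passive" in the whitepaper's sense.
SAMPLE_HTTP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)
SAMPLE_SMTP_GREETING = "220 mail.example.test ESMTP Postfix (Ubuntu)\r\n"

# Assumed list of headers that commonly carry software/version information.
HTTP_HEADERS_OF_INTEREST = ("server", "x-powered-by", "x-aspnet-version", "via")
# Assumed set of mail server product names to look for in the SMTP greeting.
MAIL_PRODUCTS = ("Postfix", "Exim", "Sendmail", "Microsoft ESMTP MAIL Service")
# Matches "Product/1.2.3" style tokens such as "Apache/2.4.41" or "PHP/7.4.3".
PRODUCT_VERSION = re.compile(r"\b([A-Za-z][A-Za-z0-9_.-]*)/(\d+(?:\.\d+)*)")


@dataclass
class BannerFindings:
    """What a passive observer can learn from one banner."""
    software: list[str] = field(default_factory=list)
    hostnames: list[str] = field(default_factory=list)
    raw_fields: dict[str, str] = field(default_factory=dict)


def parse_http_headers(raw: str) -> dict[str, str]:
    """Split an HTTP response into headers, keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]          # drop the body
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:         # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def analyse_http(raw: str) -> BannerFindings:
    """Pull software/version disclosures out of HTTP response headers."""
    findings = BannerFindings()
    headers = parse_http_headers(raw)
    for name in HTTP_HEADERS_OF_INTEREST:
        if name in headers:
            findings.raw_fields[name] = headers[name]
            findings.software.extend(
                f"{product}/{version}"
                for product, version in PRODUCT_VERSION.findall(headers[name])
            )
    return findings


def analyse_smtp(greeting: str) -> BannerFindings:
    """Pull the hostname and mail server product out of a 220 greeting."""
    findings = BannerFindings()
    match = re.match(r"^220[ -](\S+)\s*(.*)$", greeting.strip())
    if match:
        findings.hostnames.append(match.group(1))
        rest = match.group(2)
        findings.raw_fields["smtp-greeting"] = rest
        for product in MAIL_PRODUCTS:
            if re.search(r"\b" + re.escape(product) + r"\b", rest):
                findings.software.append(product)
        findings.software.extend(
            f"{p}/{v}" for p, v in PRODUCT_VERSION.findall(rest)
        )
    return findings


if __name__ == "__main__":
    for label, result in (
        ("HTTP", analyse_http(SAMPLE_HTTP_RESPONSE)),
        ("SMTP", analyse_smtp(SAMPLE_SMTP_GREETING)),
    ):
        print(f"{label}: software={result.software} hostnames={result.hostnames}")
```

The point of the exercise is the contrast with port scanning: everything above is derived from responses the organisation sends to any ordinary visitor, so it produces no unusual log entries. The same functions can be pointed at genuinely captured banners once you have permission to interact with the target at all.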