[154] in WWW Security List Archive
re: what are realistic threats
daemon@ATHENA.MIT.EDU (Dave Kristol)
Thu Sep 29 15:38:10 1994
Date: Thu, 29 Sep 94 09:00:28 EDT
From: dmk@allegra.att.com (Dave Kristol)
To: shirey@mitre.org
Cc: www-buyinfo@allegra.att.com, www-security@ns1.rutgers.edu
Reply-To: dmk@allegra.att.com (Dave Kristol)
shirey@mitre.org (Robert W. Shirey) says:
> At 10:00 AM 9/28/94 -0400, Dave Kristol wrote:
>
> >Given these definitions, an "active" attack is the same as a "hardware"
> >attack.
>
> That is *not* the widely-accepted definition, and it will just cause
> confusion.
>
> Regarding definitions, how about these (again, from an IRTF/IETF document
> in progress):
>
> A *passive attack* does not modify data or affect system operation
> but an *active attack* does.
> [Lots of valuable stuff deleted]

Okay, I stand corrected. There's still one class of stuff that seems
to fall in a gray area: bogus packets introduced by an adversary, such
as for replay attacks or to otherwise fool a host. Your definition
only makes that an *active attack* if it actually affects system
operation. The packets were no doubt MEANT to affect system operation,
but perhaps countermeasures thwart the attack. I think the definition
of *active attack* should reflect intent, not success.