What is active reconnaissance? - Definition from WhatIs.com


active reconnaissance

Part of the Network security glossary:

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. 

The word reconnaissance is borrowed from its military use, where it refers to a mission into enemy territory to obtain information. In a computer security context, reconnaissance is usually a preliminary step toward a further attack seeking to exploit the target system. The attacker often uses port scanning, for example, to discover any vulnerable ports.  After a port scan, an attacker usually exploits known vulnerabilities of services associated with  open ports that were detected.

Somewhat confusingly, active and passive reconnaissance are both sometimes referred to as passive attacks because they are just seeking information rather than actively exploiting the targets, as active attacks do.

Both active and passive reconnaissance are also used for ethical hacking, in which white hat hackers use attack methods to determine system vulnerabilities so that problems can be taken care of before the system falls prey to a real attack.

The simplest way to prevent most port scan attacks or reconnaissance attacks is to use a good firewall and intrusion prevention system (IPS). The firewall controls which ports are exposed and to whom they are visible. The IPS can detect port scans in progress and shut them down before the attacker can gain a full map of your network.

See also: cracker, hacker, well-known port number, vulnerability analysis (vulnerability assessment)


Continue reading about active reconnaissance:

> Reconnaissance attacks are covered in this introduction to network security.

> eTorials also covers reconnaissance attacks.

This was last updated in April 2012
Posted by: Margaret Rouse

Related Terms


  • going dark

    - The going dark problem, as described by the FBI, is the Bureau’s inability to access legally intercepted communications and information because of the encryption technologies used for data privacy ... (WhatIs.com)

  • threat actor

    - A threat actor is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact -- the security of an organization. (WhatIs.com)

  • threat intelligence service (TI service)

    - A threat intelligence service (TI service) is a provider of information about current or emerging threats that could negatively impact the security of a customer’s organization. (WhatIs.com)


  • Network security

    - Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About active reconnaissancePowered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.