Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.
The word reconnaissance is borrowed from its military use, where it refers to a mission into enemy territory to obtain information. In a computer security context, reconnaissance is usually a preliminary step toward a further attack seeking to exploit the target system. The attacker often uses port scanning, for example, to discover any vulnerable ports. After a port scan, an attacker usually exploits known vulnerabilities of services associated with open ports that were detected.
Somewhat confusingly, active and passive reconnaissance are both sometimes referred to as passive attacks because they are just seeking information rather than actively exploiting the targets, as active attacks do.
Both active and passive reconnaissance are also used for ethical hacking, in which white hat hackers use attack methods to determine system vulnerabilities so that problems can be taken care of before the system falls prey to a real attack.
The simplest way to prevent most port scan attacks or reconnaissance attacks is to use a good firewall and intrusion prevention system (IPS). The firewall controls which ports are exposed and to whom they are visible. The IPS can detect port scans in progress and shut them down before the attacker can gain a full map of your network.
Continue reading about active reconnaissance:
> Reconnaissance attacks are covered in this introduction to network security.
> eTorials also covers reconnaissance attacks.