The Siphon Project

Explore the Siphon Project, a passive network mapping technique, in this Black Hat USA 2001 conference talk by Marshall Beddoe and Chris Abad. Delve into the importance of network mapping and compare active and passive mapping methods. Learn about various mapping techniques, including port mapping, operating system identification, topology mapping, and vulnerability assessment. Discover the challenges and solutions in passive network mapping, such as TCP and UDP port mapping, OS identification, and information enumeration. Gain insights into routing protocols like RIP and OSPF for topology mapping, and understand the process of converting distance vector to link state routing. Examine traffic analysis techniques and view an example Siphon report to grasp the practical applications of this innovative approach to network security.

Intro
Overview
What is Network Mapping?
Why is this Important?
Network Mapping Information
Port Information
Operating System Information
Topology Map Generation
Vulnerability Information
Current Mapping Techniques
Active Network Mapping
Active Mapping Techniques
Active Port Mapping
Active OS Identification
Active Information Enumeration
Active Topology Mapping
Active Vulnerability Assessment
Pros & Cons of Active Mapping
The Siphon Project
Passive Network Mapping
Is Passive Feasible?
Siphon Mapping Techniques
Passive TCP Port Mapping
TCP Port Mapping Challenges Problem Corruption of information caused by
Passive UDP Port Mapping
UDP Port Mapping Challenges
Passive OS Identification
Passive OS Ident. Challenges
Siphon OS Ident. Algorithm
Passive OS Ident Challenges
Passive Information Enumeration
Passive Topology Mapping
Routing Information Protocol
Topology Mapping with RIP
DV to LS Routing Conversion as a Convex Optimization
DV to LS Conversion Cont.
DV to LS Conversion Example
Open Shortest Path First
Topology Mapping with OSPF
Passive Vuln. Assessment
Traffic Analysis
Example Siphon Report
Future Features of Siphon