Difference between revisions of "Uses"

From DeepMAC Wiki
(Initial page creation)
 
(Accessing)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
== Using DeepMAC Data ==
+
= Using DeepMAC Data =
  
 
The data from DeepMAC is mainly useful for asset identification during network discoveries, but can have specific applications related to security. Examples:
 
The data from DeepMAC is mainly useful for asset identification during network discoveries, but can have specific applications related to security. Examples:
  
* Detect and identify SCADA systems
+
* Detect and identify SCADA/ICS systems
 
* Find rogue devices on your network
 
* Find rogue devices on your network
* Discover outdated equipment in your environment
+
* Discover outdated equipment
* Locate systems running known, vulnerable operating systems
+
  
How useful DeepMAC is hinges on how much data we have about a MAC address and it's associated vendor. The more we can research and update the database, and the more contributions we can get, the more useful it'll be. Please consider contributing if you can.
+
How useful DeepMAC is hinges on how much data we have about a MAC address and it's associated vendor. The more we can research and update the database, and the more contributions we can get, the more useful it'll be. Please consider [http://search.deepmac.org/donate.html contributing] if you can.
 +
 
 +
== How It Works ==
 +
 
 +
  Because all MAC addresses have a 24-bit portion for an OUI, it will always be possible to extract the OUI for any given MAC address. And because all OUI's are registered through the IEEE (which is and has always been the only registrar), DeepMAC can associate any given OUI with it's approximate registration date.
 +
 
 +
  As many manufacturers and other organizations create very specific equipment, for many OUI's further details can be determined such as the device's class, model, and media type. The level of detail will vary depending on the manufacturer's industry, the amount of analysis already done and many other factors.
 +
 
 +
  Not all manufactuer's distribute their addresses in a systematic way, and many produce a wide range of products. Thus, not all metadata will be of the same quality or consistancy. DeepMAC aims to provide the greatest level of such clarity as possible, limited only by available resources.
 +
 
 +
  After obtaining an extract of DeepMAC data (see below), a company or individual can re-package the data into a set to use with whatever particular product or service. For example, a network scanning tool could take a hardware address, extract it's OUI and look it up in a DeepMAC dataset to provide the approximate year of manufacture or interface type.
 +
 
 +
== Accessing ==
 +
 
 +
=== DeepMAC Alpha Search ===
 +
 
 +
The first search engine built for the initial DeepMAC dataset, currently still available.
 +
 
 +
[http://search.deepmac.org/ http://search.deepmac.org/]
 +
 
 +
Utilizes a MySQL database to hold OUI records, which may include additional data such as device type, media type, and assignment date. Only contains data from the primary OUI registry, and does not include IAB, MA-M or MA-S registrations. Search page is written in PHP and uses no HTML5 or CSS technologies.
 +
 
 +
Exports of the database are available on the linked page above, and include the metadata accumulated to date.
 +
 
 +
=== DeepMAC Beta Search ===
 +
 
 +
Currently in planning stages. Will use a PostgreSQL database for storing of finalized records regarding each IEEE assignment relating to MAC addresses. Will include the metadata currently in the Alpha Search, along with new and distinct metadata.
 +
 
 +
Will not be available until 2019 or later as a functional interface. Early testing and previews may be possible.
 +
 
 +
=== DeepMAC Archival Data ===
 +
 
 +
The full, normalized and organized form of all IEEE registry files as documented by this project is not currently available, and may be covered under US Copyright laws regarding collections and unpublished works.
 +
 
 +
All data extracted from the archive, including metadata and analysis data, will always be available for public use in one fashion or another.
 +
 
 +
== Implementations ==
 +
 
 +
[http://www.komodolabs.com/network-scanner-news/ The Slitheris product] by [http://www.komodolabs.com/ Komodo Labs] relies in part on data from the DeepMAC project to prodide additional data on discovered systems during scans.
 +
 
 +
Future commercial and non-commercial uses of the data will appear here in the future.
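
Review bot: The added How It Works text says the OUI can always be extracted and associated with a registration date, while the added Alpha Search paragraph says the dataset holds only the primary OUI registry and excludes IAB, MA-M and MA-S registrations; How It Works should state what a lookup returns for addresses that fall in those excluded registries. The revision also drops the bullet "Locate systems running known, vulnerable operating systems" with no note on why. The added lines need a spelling pass: possessive "it's" should be "its", "manufactuer's" should be "manufacturers", "consistancy" should be "consistency", and "prodide" should be "provide".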

Latest revision as of 14:06, 6 October 2017

Using DeepMAC Data

The data from DeepMAC is mainly useful for asset identification during network discoveries, but can have specific applications related to security. Examples:

  • Detect and identify SCADA/ICS systems
  • Find rogue devices on your network
  • Discover outdated equipment

How useful DeepMAC is hinges on how much data we have about a MAC address and its associated vendor. The more we can research and update the database, and the more contributions we can get, the more useful it'll be. Please consider contributing if you can.

How It Works

Because all MAC addresses have a 24-bit portion for an OUI, it will always be possible to extract the OUI for any given MAC address. And because all OUIs are registered through the IEEE (which is and has always been the only registrar), DeepMAC can associate any given OUI with its approximate registration date.

As many manufacturers and other organizations create very specific equipment, for many OUIs further details can be determined such as the device's class, model, and media type. The level of detail will vary depending on the manufacturer's industry, the amount of analysis already done and many other factors.

Not all manufacturers distribute their addresses in a systematic way, and many produce a wide range of products. Thus, not all metadata will be of the same quality or consistency. DeepMAC aims to provide the greatest level of such clarity as possible, limited only by available resources.

After obtaining an extract of DeepMAC data (see below), a company or individual can re-package the data into a set to use with whatever particular product or service. For example, a network scanning tool could take a hardware address, extract its OUI and look it up in a DeepMAC dataset to provide the approximate year of manufacture or interface type.
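
The lookup described above, sketched as an added example (not DeepMAC's or any scanner's own code). The CSV column names and the sample rows are constructed assumptions, not the real export format; the example also separates out multicast and locally administered addresses, whose first 24 bits are not an IEEE registration, so they are reported as unidentified rather than matched to a vendor.

```python
import csv
import io
import re

# Constructed sample rows; column names are assumptions, not the DeepMAC export schema.
SAMPLE_EXPORT = """oui,vendor,registered,device_type,media_type
001122,Example PLC Vendor,1999,ICS controller,Ethernet
00AABB,Example Wireless Co,2012,Access point,802.11
"""

def load_dataset(text):
    """Index export rows by upper-case 6-hex-digit OUI."""
    return {row["oui"].upper(): row for row in csv.DictReader(io.StringIO(text))}

def parse_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455; return 6 bytes."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def lookup(mac, dataset):
    """Return the dataset record for a MAC's OUI, or a status explaining why there is none."""
    raw = parse_mac(mac)
    result = {"mac": raw.hex(":"), "oui": raw[:3].hex().upper(), "status": "unknown"}
    if raw[0] & 0x01:
        result["status"] = "multicast"             # group address, not a device identity
    elif raw[0] & 0x02:
        result["status"] = "locally-administered"  # set by software, no IEEE registration
    elif result["oui"] in dataset:
        result["status"] = "registered"
        result.update(dataset[result["oui"]])
    return result

def triage(macs, dataset, max_year):
    """Split observed addresses into unidentified ones and OUIs registered in or before max_year."""
    unidentified, old = [], []
    for mac in macs:
        r = lookup(mac, dataset)
        if r["status"] != "registered":
            unidentified.append((r["mac"], r["status"]))
        elif int(r["registered"]) <= max_year:
            old.append((r["mac"], r["vendor"], r["registered"]))
    return unidentified, old
```

The year returned is the OUI's registration date, which only approximates when a given device was built.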

Accessing

DeepMAC Alpha Search

The first search engine built for the initial DeepMAC dataset, currently still available.

http://search.deepmac.org/

Utilizes a MySQL database to hold OUI records, which may include additional data such as device type, media type, and assignment date. Only contains data from the primary OUI registry, and does not include IAB, MA-M or MA-S registrations. Search page is written in PHP and uses no HTML5 or CSS technologies.

Exports of the database are available on the linked page above, and include the metadata accumulated to date.

DeepMAC Beta Search

Currently in planning stages. Will use a PostgreSQL database to store finalized records regarding each IEEE assignment relating to MAC addresses. Will include the metadata currently in the Alpha Search, along with new and distinct metadata.

Will not be available until 2019 or later as a functional interface. Early testing and previews may be possible.

DeepMAC Archival Data

The full, normalized and organized form of all IEEE registry files as documented by this project is not currently available, and may be covered under US Copyright laws regarding collections and unpublished works.

All data extracted from the archive, including metadata and analysis data, will always be available for public use in one fashion or another.

Implementations

The Slitheris product by Komodo Labs relies in part on data from the DeepMAC project to provide additional data on discovered systems during scans.

Future commercial and non-commercial uses of the data will appear here.