<img height="1" width="1" src="https://www.facebook.com/tr?id=3323484487762706&amp;ev=PageView&amp;noscript=1">
Blog Articles, Sonar

Published OUI Vendor List

Sep 22, 2021
New call-to-action

Recent Content

All MAC addresses should resolve to a list of known vendors, or at the very least indicate the type of MAC address. In this case, SONAR can discover new devices that connect to your network with MAC addresses that are neither locally administered address (LAA) nor resolvable to a known vendor in the published list. This post will help you understand more about the published OUI vendor list.

 

Understanding MAC address

MAC Address, or media access control address in full, is a unique ID assigned to network interface cards (NICs). Sometimes MAC address is also referred to as a hardware or physical address. Naturally, MAC address is used for network communication between devices in a network segment. Other times, network admins use the unique ID to identify devices’ manufacturers.

Normally, the network adapters or network interface cards come with a MAC address fed into the hardware, mainly in BIOS systems or read-only memory (ROM). The addresses are 48-bit (6 bytes or 12 hex characters) values, commonly split by colons, dashes, or dots.

Aa:bb:cc:dd:ee:ff

aa-bb-cc-dd-ee-ff

aabcc-ddeeff

aabb.ccdd.eeff

 

What is an OUI?

PCMag defines organizational unique identifier (OUI) as the part of the MAC address that identifies the vendor of a network adapter. The OUI is the first three bytes (24-bit number) of the six-byte field assigned to a network device or station manufacturer or vendor.

MAC addresses are commonly split, with the leading bits representing the OUI. In our MAC address example, the corresponding 24-bit OUI would be aabbcc, while the host bits would be ddeeff.

The Institute of Electrical and Electronics Engineers (IEEE) Registration Authority assigns these globally unique identifiers. A statement on the IEEE website reads, “OUI is an IEEE Registration Authority (RA) specific term referred to in various standards and may be used to identify companies on the IEEE Public Listing.”

 

OUI Vendor List and Wireless Security

All the details about the MAC address and OUI are interesting. But what does it have to do with security? OUI and MAC addresses are useful in diagnosing network and security issues, especially because they never change, as opposed to dynamic IP addresses that can range from time to time. With MAC addresses, a network admin or security analyst can identify senders and receivers of data on a network.

More frequently when looking at MAC address tables, we see something ‘odd.’ It would be essential to have a quick lookup tool that maintains an OUI table in an understandable format. That way, security analysts working on an incident where MAC/OUI information is crucial in determining a mitigation solution can look up the address to determine the vendor and possible vulnerabilities in a network device.

Examining MAC address information reveals details about the vendor behind a device connected to a network. Also, you can look through logs to identify devices attempting to connect to wireless access points (APs).

With an appropriate MAC Address Lookup Tool, you can search your MAC Address or OUI in the mac address vendor database. A MAC Address vendor database consists of a list of mac addresses of all devices manufactured till date.

That way, users can deploy a look-up tool to find the mac address from this database, consequently revealing information on which manufacturer originally manufactured a device and the prefix and postfix of a given mac address. What’s more, the MAC Address vendor database shows details of the country where a device was manufactured. Overall, such information helps verify the generated mac address with the vendor in the OUI vendor database.

 

Next Steps

Once you discover a new device connected to the network with a MAC address that does not resolve to a vendor in the published list, you can deploy a MAC filtering process. This security measure configures your router or AP to reject traffic and requests from this specific MAC address.

This way, devices whose MAC addresses fail to resolve will not communicate through the network, even if they receive new IP addresses from DHCP. The process effectively blocks such new devices, which might belong to malicious cyber actors. The wireless network will block a hacker who has hijacked a network IP address, but their MAC address fails to resolve to a vendor in the published list.
Corey Belanger

Corey Belanger

Corey is a Security Consultant and leads QA of product development, using his expertise in these dual roles to more effectively test and secure applications, whether while building enterprise applications or while performing penetration tests and vulnerability assessments for customers. An Army veteran with a tour of duty in Afghanistan, Corey has built a post-military career in security while earning Network+, Security+, GIAC Certified Incident Handler, GIAC Python Coder, GIAC Web App Penetration Testing, and GIAC Penetration Tester certifications. Corey is also a BsidesNH organizer and founding member of TechRamp, avenues which he uses to help others build their skills for careers in security and technology. Fun Fact: When not manning a terminal or watching the Bruins, Corey can often be found snowboarding or riding his motorcycle.

LinkedIn
View all posts

Minimize your Cyber Risks

A comprehensive package of services designed to bring maximum security benefits at minimal cost without sacrificing quality.

Learn More 

100% of the team holds advanced cybersecurity certifications.

  • Certified Ethical Hacker
    Certified Ethical Hacker
    Certified Information Systems Security Professional
    Certified Information Systems Security Professional
    CompTIA Security+ Certified
    CompTIA Security+ Certified
    OSWP Offensive Security
    OSWP Offensive Security
    GIAC Security Expert
    GIAC Security Expert
    Offensive Security Certified Expert
    Offensive Security Certified Expert
    Offensive Security Certified Professional
    Offensive Security Certified Professional
    GIAC Exploit Researcher and Advanced Penetration Tester
    GIAC Exploit Researcher and Advanced Penetration Tester
    GIAC Web Application Penetration Tester
    GIAC Web Application Penetration Tester
    GIAC Certified Penetration Tester
    GIAC Certified Penetration Tester
  • GIAC Mobile Device Security Analyst
    GIAC Mobile Device Security Analyst
    GIAC Certified Incident Handler
    GIAC Certified Incident Handler
    GIAC Assessing and Auditing Wireless Networks
    GIAC Assessing and Auditing Wireless Networks
    GIAC Python Coder
    GIAC Python Coder
    GIAC Reverse Engineering Malware
    GIAC Reverse Engineering Malware
    GIAC Network Forensic Analyst
    GIAC Network Forensic Analyst
    GIAC Certified Forensic Analyst
    GIAC Certified Forensic Analyst
    GIAC Certified Forensic Examiner
    GIAC Certified Forensic Examiner
    GIAC Certified Intrusion Analyst
    GIAC Certified Intrusion Analyst
    GIAC Certified Detection Analyst
    GIAC Certified Detection Analyst
  • GIAC Continuous Monitoring Certification
    GIAC Continuous Monitoring Certification
    GIAC Certified Unix Security and Administration
    GIAC Certified Unix Security and Administration
    GIAC Certified Windows Security Administrator
    GIAC Certified Windows Security Administrator
    GIAC Critical Controls Certification
    GIAC Critical Controls Certification
    GIAC Security Essentials Certification
    GIAC Security Essentials Certification
    GIAC Defending Advanced Threats
    GIAC Defending Advanced Threats
    GIAC Law of Data Security & Investigation
    GIAC Law of Data Security & Investigation
    CompTIA Network+ Certified
    CompTIA Network+ Certified
    Scrum Alliance CSP-SM Certified
    Scrum Alliance CSP-SM Certified
    Microsoft MTA Security Fundamentals
    Microsoft MTA Security Fundamentals
  • Microsoft MTA Database Fundamentals
    Microsoft MTA Database Fundamentals
    CISCO Certified CCNA
    CISCO Certified CCNA
    AWS Certified Solutions Architect Associate
    AWS Certified Solutions Architect Associate
offsec
  • Home
  • Services
  • Partners
  • About
  • Contact
  • Contact

Copyright © 2023 Pulsar Security

|

Privacy Policy

|

Terms & Conditions

Website Design & Development by CommonPlaces Interactive