
Background

In a standard 48-bit MAC address, the 7th (most significant) bit specifies whether it is a universally-administered address (UAA) or a locally-administered address (LAA).

If it is 0, then the MAC address is a UAA and the first 24 bits are the organizationally-unique identifier (OUI) of the manufacturer of the network interface card (NIC).

If it is 1, then the MAC address is just an LAA.

Question

Many drivers and NICs often allow users to modify the MAC address of their device.

But, it seems Windows does not allow modifying MAC addresses to universal ones (i.e., UAAs): https://superuser.com/questions/1265544/

What is the reason for this restriction? Are there security implications if this was not the case? Or, perhaps, is this merely just to prevent someone from spoofing a device as some legitimate company's network communications product? (to their ISP)

ManRow

  • Think of it as putting a new address on your front door. What can happen if the mailman sees your fake address and doesn't know it's fake? There's gonna be problems with wrongly-delivered packages, and your mailing services aren't gonna like that. – ChocolateOverflow Jun 29 '20 at 08:03
  • Because Microsoft – john doe Jun 29 '20 at 15:21
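As an added worked example (not part of the question or of either answer), the following Python module decodes the address layout the background describes: it reads the U/L bit in the first octet, extracts the OUI when the address is universally administered, and applies the acceptance rule the question attributes to Windows (a user-supplied address is accepted only if it is locally administered). It goes slightly beyond the text by also reading the neighbouring individual/group bit, since a unicast LAA is what such a rule actually wants. The function names and the exact acceptance rule are my own reading of the question, not Microsoft's code.

```python
# Added example: decode the IEEE 802 flag bits in a 48-bit MAC address.
# In the first octet as written in hex, bit value 0x02 is the U/L bit
# (0 = universally administered, 1 = locally administered); this is the
# "7th most significant bit" of the 48-bit address that the question refers to.
# Bit value 0x01 is the I/G bit (0 = individual/unicast, 1 = group/multicast).
UL_BIT = 0x02
IG_BIT = 0x01

HEX_DIGITS = set("0123456789abcdef")


def parse_mac(text: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF, aabb.ccdd.eeff or 12 bare
    hex digits and return the six address bytes. Anything else is rejected."""
    cleaned = text.strip().lower()
    for sep in (":", "-", "."):
        cleaned = cleaned.replace(sep, "")
    if len(cleaned) != 12 or not set(cleaned) <= HEX_DIGITS:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(cleaned)


def format_mac(mac: bytes) -> str:
    """Canonical lower-case colon-separated form."""
    return ":".join(f"{b:02x}" for b in mac)


def classify(text: str) -> dict:
    """Report the address type. The OUI is only meaningful for a UAA, so it is
    None for a locally administered address."""
    mac = parse_mac(text)
    local = bool(mac[0] & UL_BIT)
    return {
        "mac": format_mac(mac),
        "locally_administered": local,
        "multicast": bool(mac[0] & IG_BIT),
        "oui": None if local else mac[:3].hex(),
    }


def acceptable_user_override(text: str) -> bool:
    """Hypothetical policy check, my reading of the rule the question describes
    (not Microsoft's code): a user-chosen address is accepted only if it is
    locally administered and unicast, i.e. its second hex digit is 2, 6, a or e."""
    first = parse_mac(text)[0]
    return bool(first & UL_BIT) and not (first & IG_BIT)


def to_locally_administered(text: str) -> str:
    """Derive an LAA from any address by setting the U/L bit, so that an
    administrator who genuinely needs a changed address never reuses vendor
    OUI space."""
    mac = bytearray(parse_mac(text))
    mac[0] |= UL_BIT
    return format_mac(bytes(mac))


if __name__ == "__main__":
    # Constructed sample addresses: a vendor UAA, an LAA, and an IPv4 multicast group address.
    for candidate in ("00:1A:2B:3C:4D:5E", "02-1a-2b-3c-4d-5e", "01:00:5e:00:00:01"):
        info = classify(candidate)
        verdict = "accepted" if acceptable_user_override(candidate) else "rejected"
        print(info, verdict)
```

Running the module prints one line per sample address; only the `02:...` address passes the override check, the vendor address is rejected for carrying an OUI, and the multicast address is rejected because its I/G bit is set.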

2 Answers


It is difficult to answer this question, because we don't have any insights on the way of thought of those at Microsoft.

However, as you said, there are two types of MACs: a universally-administered address (UAA) and a locally-administered address (LAA).

UAAs get the MAC-ID from the vendor; it contains the vendor's OUI. Although you can, you should never use these yourself, unless you are a vendor. They are (more or less) guaranteed to be unique. You should never get a second device with the same MAC; no collisions.

LAAs are meant to be locally administered. If you get a collision, it's your problem.

So, for a normal end user, or even a company, if you use your MACs, you would only use LAAs, by fear of collisions. Why should you need to change it to a UAA then? Windows probably would conclude that this is an error that must be prevented.

For many of these actions, there is an "are you sure"-dialog. However, Microsoft probably cannot see a legitimate case where such a change is needed, so you are probably hacking.

But then again, unless someone who made the decision at MS answers, we'll never know.

Ljm Dullaart

But, it seems Windows does not allow modifying MAC addresses to universal ones (i.e., UAAs) (...) What is the reason for this restriction? Are there security implications if this was not the case?

Marginal implications, but only if you consider changing a MAC address to be a security problem. Whilst it's not expected to happen frequently, it can happen and you can't avoid it.

I believe ultimately it is a security related decision (a weak one as I mentioned) and a way of simplifying driver code.

Or, perhaps, is this merely just to prevent someone from spoofing a device as some legitimate company's network communications product? (to their ISP)

There's value to observing MAC addresses as relatively static (like MAC white lists, etc), but this is marginal protection, since it can be trivially defeated. Some software and manufacturers though rely on MAC filtering a lot more than they should including in their marketing material.

The uniqueness of MAC addresses is a consequence (requirement?) of the Ethernet technology whereby all hosts within a local network must have a unique address for the network to work.

However, it cannot be relied upon as a security feature since, as you mentioned, MAC addresses can be changed in some cases. You have to assume it is possible that any station changes their MAC (which is difficult to tell apart from a new station appearing on the LAN) legitimately or as a consequence of malicious activity. Even in Windows there are techniques that can let you achieve this, certainly with some NIC brands.

Pedro
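The answer above makes two defensive points: MAC filtering is only marginal protection, and a station changing its MAC is hard to tell apart from a new station appearing on the LAN. The following added example (my own code, not the answerer's) shows how a monitoring job might at least surface those events for review rather than treat MAC identity as trustworthy. It runs over a constructed list of (timestamp, switch port, MAC) observations, as a switch's MAC-address table or a DHCP server log might provide, and reports three kinds of findings: a port whose station MAC changes within a short window, one MAC live on two ports at once, and any locally administered address appearing where only vendor-assigned addresses are expected. The port names, timestamps and the 300-second window are assumptions chosen for the example.

```python
from typing import List, Tuple

# Constructed sample telemetry (not real data): one record per observation of
# a source MAC on a switch port, timestamps in seconds.
SAMPLE_OBSERVATIONS: List[Tuple[int, str, str]] = [
    (0,   "Gi1/0/1", "00:1a:2b:3c:4d:5e"),
    (5,   "Gi1/0/2", "00:1a:2b:aa:bb:cc"),
    (60,  "Gi1/0/1", "00:1a:2b:3c:4d:5e"),
    (65,  "Gi1/0/1", "02:1a:2b:3c:4d:5e"),  # same port, address now has the U/L bit set
    (70,  "Gi1/0/3", "00:1a:2b:aa:bb:cc"),  # this MAC was live on Gi1/0/2 a minute ago
    (900, "Gi1/0/4", "00:1a:2b:3c:4d:5e"),  # long after its last sighting: a station moved
]

# Assumed review window: changes closer together than this are worth a look;
# a MAC reappearing elsewhere after a longer gap is treated as an ordinary move.
WINDOW_SECONDS = 300


def is_locally_administered(mac: str) -> bool:
    """The U/L bit (value 0x02) of the first octet, as described in the question."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def analyze(observations, window: int = WINDOW_SECONDS) -> List[Tuple[str, str, str, int]]:
    """Return findings as (kind, where, what, timestamp) tuples.

    kind is one of:
      laa_address      a locally administered MAC appeared (first sighting only)
      port_mac_change  a port's station MAC changed within `window` seconds
      duplicate_mac    the same MAC was seen on two ports within `window` seconds

    None of these proves spoofing; as the answer notes, a changed MAC and a new
    station look alike on the wire. They are review signals, not a block list.
    """
    findings = []
    last_on_port = {}   # port -> (timestamp, mac)
    last_seen_mac = {}  # mac -> (timestamp, port)
    for ts, port, raw_mac in sorted(observations):
        mac = raw_mac.lower()
        if mac not in last_seen_mac and is_locally_administered(mac):
            findings.append(("laa_address", port, mac, ts))
        prev = last_on_port.get(port)
        if prev is not None and prev[1] != mac and ts - prev[0] <= window:
            findings.append(("port_mac_change", port, f"{prev[1]}->{mac}", ts))
        seen = last_seen_mac.get(mac)
        if seen is not None and seen[1] != port and ts - seen[0] <= window:
            findings.append(("duplicate_mac", f"{seen[1]}+{port}", mac, ts))
        last_on_port[port] = (ts, mac)
        last_seen_mac[mac] = (ts, port)
    return findings


if __name__ == "__main__":
    for kind, where, what, ts in analyze(SAMPLE_OBSERVATIONS):
        print(f"t={ts:>4}s {kind:<16} {where:<16} {what}")
```

On the sample data this reports the LAA appearing on Gi1/0/1, the change of station MAC on that port five seconds after the previous sighting, and the duplicate of the Gi1/0/2 address on Gi1/0/3; the reappearance of the first address on Gi1/0/4 fourteen minutes later is not reported, because the window treats it as a station that moved.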