Are there security reasons for prohibiting universal MAC address modification?

Background

In a standard 48-bit MAC address, the 7th (most significant) bit specifies whether it is a universally-administered address (UAA) or a locally-administered address (LAA).

If it is 0, then the MAC address is a UAA and the first 24-bits are the organizationally-unique identifier (OUI) of the manufacturer of the network interface card (NIC).

If it is 1, then the MAC address is just an LAA.

Question

Many drivers and NICs often allow users to modify the MAC address of their device.

But, it seems Windows does not allow modifying MAC addresses to universal ones (i.e., UAAs): https://superuser.com/questions/1265544/

What is the reason for this restriction? Are there security implications if this was not the case? Or, perhaps, is this merely just to prevent someone from spoofing a device as some legitimate company’s network communications product? (to their ISP)

Author: ManRow
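
The U/L bit test described in the question above (mask 0x02 of the first octet, the seventh bit counting from the most significant), written out as an added example that is not part of the original post. It goes slightly beyond the question by also reading the I/G (multicast) bit and accepting several common notations; the function names and the lease list are hypothetical and the sample data is constructed.

```python
import re

# Accepts 00:1A:2B:3C:4D:5E, 00-1A-2B-3C-4D-5E, 001a.2b3c.4d5e and 001A2B3C4D5E.
_SEPARATORS = re.compile(r"[:\-.]")

def parse_mac(text):
    """Return the 6 raw octets of a MAC address, or raise ValueError."""
    digits = _SEPARATORS.sub("", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify(text):
    """Describe a MAC address by the two flag bits of its first octet."""
    octets = parse_mac(text)
    local = bool(octets[0] & 0x02)   # U/L bit: 1 = locally administered (LAA)
    group = bool(octets[0] & 0x01)   # I/G bit: 1 = multicast/broadcast
    return {
        "mac": octets.hex(":"),
        "administration": "LAA" if local else "UAA",
        "cast": "group" if group else "unicast",
        # The first 24 bits only name a manufacturer when the address is a UAA.
        "oui": None if local else octets[:3].hex(":"),
    }

def flag_local_unicast(leases):
    """Return (hostname, mac) pairs whose source MAC is a unicast LAA."""
    flagged = []
    for hostname, mac in leases:
        info = classify(mac)
        if info["administration"] == "LAA" and info["cast"] == "unicast":
            flagged.append((hostname, info["mac"]))
    return flagged

# Constructed sample data (hostnames and addresses are made up).
SAMPLE_LEASES = [
    ("printer-2f", "00-1A-2B-3C-4D-5E"),   # 0x00: U/L bit clear -> UAA
    ("phone-guest", "DA:A1:19:00:00:01"),  # 0xDA = 1101 1010 -> LAA
    ("laptop-lab", "0200.5e10.0001"),      # 0x02 -> LAA
]

if __name__ == "__main__":
    for host, mac in flag_local_unicast(SAMPLE_LEASES):
        print(f"{host}: {mac} is locally administered")
```

A unicast LAA on a network is not by itself a sign of spoofing, since operating systems that randomize MAC addresses set the same bit.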

Is a LAN-to-LAN configuration with different subnets secure?

I plan to implement the following network configuration:

Internet [(cable A)]

Router A
(192.168.0.x)[(WAN:cable A)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]

Router B
(192.168.1.x)[(WAN:)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]

The first LAN port of router A is connected into the first LAN port of router B, but both routers are in a different subnet.

Usually, when I set up two routers together, I do a double NAT configuration (LAN to WAN) or a LAN to LAN in the same subnet.

I know the following facts:
In a double NAT configuration such as this one,

Internet [(cable A)]

Router A
(192.168.0.x)[(WAN:cable A)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]

Router B
(192.168.1.x)[(WAN:cable B)(LAN1:)(LAN2:)(LAN3:)(LAN4:)]

Hosts from router B can communicate with hosts from router A.
Hosts from router A can’t communicate with hosts from router B.

In a LAN to LAN in the same subnet configuration, any host can communicate with any other. It’s the same subnet.


In the network configuration I plan to implement, LAN to LAN but in a different subnet, I noticed that hosts from both networks can’t be reached. Is this a secure way to isolate networks, at least better than double NAT?

The connected router B gets an IP address in the router A subnet (192.168.0.x).

Also, I did not have to define any static routes to get internet access. I have difficulty understanding how this is possible, since the router A gateway does not ping.

Author: pmbonneau