How is ATT discovering tethering? And possible Countermeasures!

[bachelier]

This thread is to discuss the technical aspects of how is att knowing that people are tethering and possible countermeasures to use (besides stopping tethering)

Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering

 

[S.B.G]

Theory: I think it's an assumption based on excessive data usage by the user.

Countermeasure: Stop being a cellular bandwidth hog.

 

[Applejuiced]

That's a good question.
If it's just based on high usage there isn't much countermeasure though.

 

[bachelier]

I start the first theory.

Theory:
The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

Countermeasure (CM):
Two options to get around it are:
1. either change your browsers UA to that of the iPhone although this will often give you mobile sites or 2. better still send everything down a VPN, that way its encrypted and they can;t see what your doing just how many bytes High VPN usage shouldn't be odd either as the iPhone has a VPN client so you could feasibly be using that.
This was posted by Sammachin, who used to work for a carrier

 

[bachelier]

That's a good question.

Thanks. I'd like to see if we can use our collective brain power and individual experience trying different countermeasures (CM) to come up with (1) a good answer to how they detect tethering and (2) a good countermeasure.

If I try something and get nabbed only once then we can check it off and try something else. No need for all of us to experience the same stuff.

 

[Pmoser]

read this i know its android but it explans it well

http://androidforums.com/verizon/226440-can-verizon-tell-im-tethering.html

 

[jesusplay]

change apn settings to wap.cingular.....problem solved..the default is "phone"

 

[mrat93]

I believe it's based on assumption as well. I tether for kids in school every so often, and occasionally my laptop. I use MyWi. No notice from AT&T here.

 

[Small White Car]

What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

I mean, I can understand the other thread that's simply debating the "emotional debate" aspect of it...but this one is advertised as an actual 'how to' kind of thread. Seems odd that you can do this but I can't tell you where to steal an app from.

 

[Thedeathbear]

What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

Is breaking your contract illegal? No, it isn't.

 

[QuarterSwede]

I start the first theory.

Theory:
The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

Countermeasure (CM):
Two options to get around it are:
1. either change your browsers UA to that of the iPhone although this will often give you mobile sites or 2. better still send everything down a VPN, that way its encrypted and they can;t see what your doing just how many bytes High VPN usage shouldn't be odd either as the iPhone has a VPN client so you could feasibly be using that.
This was posted by Sammachin, who used to work for a carrier

There's only one problem with this theory. The Atomic Browser can fake user strings and it's an app in the app store.

My personal theory is that it's just based on usage. They may be using more than that but it seems like only people with higher usage are being given notices. I've used TetherMe to use Personal Hotspot with minimal usage and I've received nary a notice.

 

[drummr]

The only problem I see with the high usage theory, is that one guy who used 180+gb in a month supposedly hasn't received anything from at&t. Then again he could have and isn't saying.

 

[jav6454]

It's simple. They are sniffing the TCP/IP protocol packets. All they need to know is where they came and where they are going. Not hard. With that they can see that X packet came from something connected to the iPhone, not the iPhone itself.

Well, what I said is a brutal simplification, but in general thats how they know. These was one of the reasons for the BenM hack, it eliminated this risk because it made it look as if all traffic was generated by the iPhone itself.

 

[normwood]

This thread is to discuss the technical aspects of how is att knowing that people are tethering and possible countermeasures to use (besides stopping tethering)

Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering

You could....um....try paying for it...then they won't bother you.

Was that technical enough?

Steve

 

[IBradMac]

Theory: I think it's an assumption based on excessive data usage by the user.

Countermeasure: Stop being a cellular bandwidth hog.

I tend to agree.

Anyone using over 10 gb is abusing. I surfed a lot these last two months over tethering and the highest I could reach is 4-5 GB. That seems responsible imo.

I start the first theory.

Theory:
The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

Countermeasure (CM):
Two options to get around it are:
1. either change your browsers UA to that of the iPhone although this will often give you mobile sites or 2. better still send everything down a VPN, that way its encrypted and they can;t see what your doing just how many bytes High VPN usage shouldn't be odd either as the iPhone has a VPN client so you could feasibly be using that.
This was posted by Sammachin, who used to work for a carrier

You really think AT&T would go through that kind of trouble? They couldn't handle ANY of the iPhone launches. Their servers crapped out. And theres also the fact that they have been working out a deal with TMO, I doubt they'd hire and spend time researching the "5%" of data abusers. Just doesn't make sense... it's gotta be a hunch and randomly choosing abusers.

 

[Pink∆Floyd]

change apn settings to wap.cingular.....problem solved..the default is "phone"

So this will prevent AT&T from discovering unauthorized tethering?

Are you sure?

 

[maflynn]

So the purpose of this thread is to figure out how to avoid paying AT&T what they're rightfully due when tethering.

 

[mtnDewFTW]

Like other users already said, excessive usage. It's easy to tell who's tethering by simply looking at their data usage. Or at least that would be their first lead. If they see that some person is hogging a lot of data on their network, then they'll start to investigate. So bottom line, if you tether without paying, don't use a lot of data.

 

[bachelier]

What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

I mean, I can understand the other thread that's simply debating the "emotional debate" aspect of it...but this one is advertised as an actual 'how to' kind of thread. Seems odd that you can do this but I can't tell you where to steal an app from.

Please kindly use the following thread to express your frustration:

AT&T Cracking Down on Unauthorized Tethering

link: https://forums.macrumors.com/threads/1119791/

This thread is for technical discussions only.

Sincerely,

 

[bachelier]

There's only one problem with this theory. The Atomic Browser can fake user strings and it's an app in the app store.

My personal theory is that it's just based on usage. They may be using more than that but it seems like only people with higher usage are being given notices. I've used TetherMe to use Personal Hotspot with minimal usage and I've received nary a notice.

Well according to this guy (rkahl) usage doesn't matter.

Google MyFi forums. They have a thread just like this one where several people have been sent the message even with low usage (less than 5gb). It doesn't sound as if usage matter's on tethering. You either are or your not according to AT&T.

https://forums.macrumors.com/threads/1119791/

 

[rjohnstone]

So this will prevent AT&T from discovering unauthorized tethering?

Are you sure?

Nope... won't work.
That was the Android trick.
Those people are getting popped too.

wap.cingular is the old MediaNet pipe (GPRS and EDGE) and MMS connection.
It's used primarily for MMS traffic and fallback data when not on a 3G signal.
All newer AT&T phones use the Phone APN for data and the Broadband APN for tethering.

Anyone having high usage on the wap.cingular APN will raise a red flag for sure.

 

[bachelier]

A good idea would be to just call the bastards and ask them.

Try technical support and see if you can get an answer.

 

[wordoflife]

Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering

^^ Haha, that part was funny.

I am assuming that they are targeting people whose demand for data is great. Then they look at the packets to confirm.

 

[Small White Car]

Please kindly use the following thread to express your frustration:

AT&T Cracking Down on Unauthorized Tethering

link: https://forums.macrumors.com/threads/1119791/

This thread is for technical discussions only.

Sincerely,

That thread has nothing to do with my comment.

News flash: Macrumors is not your personal blog. You can't boot people off of it. Go write somewhere else if that kind of thing is important to you.

 

[LapsangSouchong]

So this will prevent AT&T from discovering unauthorized tethering?

Are you sure?

As with most things: even if it works now (which, who knows) it won't for long.