Status
Not open for further replies.

bachelier

macrumors member
Original poster
Mar 20, 2011
This thread is to discuss the technical aspects of how AT&T knows that people are tethering and possible countermeasures to use (besides stopping tethering).

Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering
 
Theory: I think it's an assumption based on excessive data usage by the user.

Countermeasure: Stop being a cellular bandwidth hog.
 
I start the first theory.

Theory:
The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

Countermeasure (CM):
Two options to get around it are:
1. either change your browser's UA to that of the iPhone, although this will often give you mobile sites, or 2. better still, send everything down a VPN; that way it's encrypted and they can't see what you're doing, just how many bytes :) High VPN usage shouldn't be odd either, as the iPhone has a VPN client so you could feasibly be using that.
This was posted by Sammachin, who used to work for a carrier
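
The User-Agent matching described in this theory, as an added example that is not part of the original post. It goes one step beyond the post by showing that the literal pattern Windows|Mac|Linux also matches phone browsers (iPhone user agents contain "like Mac OS X", Android ones contain "Linux"), so a classifier has to key on desktop-only tokens. Subscriber ids, hosts and request heads are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: (subscriber id, HTTP request head) as an inspection
# box on port 80 might see them. All ids, hosts and requests are made up.
def _req(ua=None):
    head = "GET / HTTP/1.1\r\nHost: example.com\r\n"
    if ua is not None:
        head += "User-Agent: " + ua + "\r\n"
    return head + "\r\n"

IPHONE = "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3 like Mac OS X; en-us) AppleWebKit/533.17.9"
SAMPLE_FLOWS = [
    ("sub-A", _req(IPHONE)),                                        # phone only
    ("sub-B", _req("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.16")),
    ("sub-B", _req(IPHONE)),                                        # phone + laptop
    ("sub-C", _req("Mozilla/5.0 (Linux; U; Android 2.2; en-us; Nexus One) AppleWebKit/533.1")),
    ("sub-D", _req("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/533.20")),
    ("sub-E", _req()),                                              # no User-Agent header
]

NAIVE = re.compile(r"Windows|Mac|Linux")           # the pattern as written in the post
DESKTOP = re.compile(r"Windows NT|Macintosh|X11")  # tokens only desktop browsers send
MOBILE = re.compile(r"iPhone|iPad|iPod|Android")

def user_agent(request_head):
    """Return the User-Agent value from a raw HTTP request head, or None."""
    for line in request_head.split("\r\n")[1:]:    # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "user-agent":
            return value.strip()
    return None

def naive_is_desktop(ua):
    return bool(NAIVE.search(ua))

def refined_is_desktop(ua):
    return bool(DESKTOP.search(ua)) and not MOBILE.search(ua)

def flag_subscribers(flows, is_desktop):
    """Group flows by subscriber and return those with a desktop-looking UA."""
    hits = defaultdict(set)
    for subscriber, head in flows:
        ua = user_agent(head)
        if ua and is_desktop(ua):
            hits[subscriber].add(ua)
    return sorted(hits)

if __name__ == "__main__":
    print("naive  :", flag_subscribers(SAMPLE_FLOWS, naive_is_desktop))
    print("refined:", flag_subscribers(SAMPLE_FLOWS, refined_is_desktop))
```

The naive pattern flags every subscriber that sent a User-Agent, including the two phone-only ones; the refined check flags only the subscribers whose traffic carries a desktop browser string.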
 
That's a good question.

Thanks. I'd like to see if we can use our collective brain power and individual experience trying different countermeasures (CM) to come up with (1) a good answer to how they detect tethering and (2) a good countermeasure.

If I try something and get nabbed only once then we can check it off and try something else. No need for all of us to experience the same stuff.
 
I believe it's based on assumption as well. I tether for kids in school every so often, and occasionally my laptop. I use MyWi. No notice from AT&T here.
 
What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

I mean, I can understand the other thread that's simply debating the "emotional debate" aspect of it...but this one is advertised as an actual 'how to' kind of thread. Seems odd that you can do this but I can't tell you where to steal an app from.
 
I start the first theory.

Theory:
The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

Countermeasure (CM):
Two options to get around it are:
1. either change your browser's UA to that of the iPhone, although this will often give you mobile sites, or 2. better still, send everything down a VPN; that way it's encrypted and they can't see what you're doing, just how many bytes :) High VPN usage shouldn't be odd either, as the iPhone has a VPN client so you could feasibly be using that.
This was posted by Sammachin, who used to work for a carrier
There's only one problem with this theory. The Atomic Browser can fake user strings and it's an app in the app store.

My personal theory is that it's just based on usage. They may be using more than that but it seems like only people with higher usage are being given notices. I've used TetherMe to use Personal Hotspot with minimal usage and I've received nary a notice.
 
The only problem I see with the high usage theory, is that one guy who used 180+gb in a month supposedly hasn't received anything from at&t. Then again he could have and isn't saying.
 
It's simple. They are sniffing the TCP/IP protocol packets. All they need to know is where they came from and where they are going. Not hard. With that they can see that X packet came from something connected to the iPhone, not the iPhone itself.

Well, what I said is a brutal simplification, but in general that's how they know. This was one of the reasons for the BenM hack; it eliminated this risk because it made it look as if all traffic was generated by the iPhone itself.
 
This thread is to discuss the technical aspects of how AT&T knows that people are tethering and possible countermeasures to use (besides stopping tethering).

Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering

You could....um....try paying for it...then they won't bother you.

Was that technical enough?

Steve
 
Theory: I think it's an assumption based on excessive data usage by the user.

Countermeasure: Stop being a cellular bandwidth hog.

I tend to agree.

Anyone using over 10 gb is abusing. I surfed a lot these last two months over tethering and the highest I could reach is 4-5 GB. That seems responsible imo.:apple:

I start the first theory.

Theory:
The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

Countermeasure (CM):
Two options to get around it are:
1. either change your browser's UA to that of the iPhone, although this will often give you mobile sites, or 2. better still, send everything down a VPN; that way it's encrypted and they can't see what you're doing, just how many bytes :) High VPN usage shouldn't be odd either, as the iPhone has a VPN client so you could feasibly be using that.
This was posted by Sammachin, who used to work for a carrier

You really think AT&T would go through that kind of trouble? They couldn't handle ANY of the iPhone launches. Their servers crapped out. And there's also the fact that they have been working out a deal with TMO; I doubt they'd hire and spend time researching the "5%" of data abusers. Just doesn't make sense... it's gotta be a hunch and randomly choosing abusers.
 
So the purpose of this thread is to figure out how to avoid paying AT&T what they're rightfully due when tethering. :rolleyes:
 
Like other users already said, excessive usage. It's easy to tell who's tethering by simply looking at their data usage. Or at least that would be their first lead. If they see that some person is hogging a lot of data on their network, then they'll start to investigate. So bottom line, if you tether without paying, don't use a lot of data.
 
What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

I mean, I can understand the other thread that's simply debating the "emotional debate" aspect of it...but this one is advertised as an actual 'how to' kind of thread. Seems odd that you can do this but I can't tell you where to steal an app from.

Please kindly use the following thread to express your frustration: :)

AT&T Cracking Down on Unauthorized Tethering

link: https://forums.macrumors.com/threads/1119791/

This thread is for technical discussions only.

Sincerely,
 
There's only one problem with this theory. The Atomic Browser can fake user strings and it's an app in the app store.

My personal theory is that it's just based on usage. They may be using more than that but it seems like only people with higher usage are being given notices. I've used TetherMe to use Personal Hotspot with minimal usage and I've received nary a notice.

Well according to this guy (rkahl) usage doesn't matter.

Google MyFi forums. They have a thread just like this one where several people have been sent the message even with low usage (less than 5gb). It doesn't sound as if usage matters on tethering. You either are or you're not according to AT&T.

https://forums.macrumors.com/threads/1119791/
 
So this will prevent AT&T from discovering unauthorized tethering?

Are you sure?
Nope... won't work.
That was the Android trick.
Those people are getting popped too.

wap.cingular is the old MediaNet pipe (GPRS and EDGE) and MMS connection.
It's used primarily for MMS traffic and fallback data when not on a 3G signal.
All newer AT&T phones use the Phone APN for data and the Broadband APN for tethering.

Anyone having high usage on the wap.cingular APN will raise a red flag for sure.
 
A good idea would be to just call the bastards and ask them.

Try technical support and see if you can get an answer. ;)
 