How is ATT discovering tethering? And possible Countermeasures!

Discussion in 'iPhone' started by bachelier, Mar 24, 2011.

Thread Status:
Not open for further replies.
  1. bachelier macrumors member

    Joined:
    Mar 20, 2011
    #1
    This thread is to discuss the technical aspects of how is att knowing that people are tethering and possible countermeasures to use (besides stopping tethering)

    Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering
     
  2. SandboxGeneral, Mar 24, 2011
    Last edited: Mar 24, 2011

    SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #2
    Theory: I think it's an assumption based on excessive data usage by the user.

    Countermeasure: Stop being a cellular bandwidth hog.
     
  3. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #3
    That's a good question.
    If it's just based on high usage there isn't much countermeasure though.
     
  4. bachelier thread starter macrumors member

    Joined:
    Mar 20, 2011
    #4
    I start the first theory.

    Theory:
    The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

    Countermeasure (CM):
    Two options to get around it are:
    1. either change your browsers UA to that of the iPhone although this will often give you mobile sites or 2. better still send everything down a VPN, that way its encrypted and they can;t see what your doing just how many bytes :) High VPN usage shouldn't be odd either as the iPhone has a VPN client so you could feasibly be using that.
    This was posted by Sammachin, who used to work for a carrier
     
  5. bachelier thread starter macrumors member

    Joined:
    Mar 20, 2011
    #5
    Thanks. I'd like to see if we can use our collective brain power and individual experience trying different countermeasures (CM) to come up with (1) a good answer to how they detect tethering and (2) a good countermeasure.

    If I try something and get nabbed only once then we can check it off and try something else. No need for all of us to experience the same stuff.
     
  6. jesusplay macrumors 6502a

    Joined:
    Sep 6, 2007
    Location:
    SOUTH
    #7
    change apn settings to wap.cingular.....problem solved..the default is "phone"
     
  7. mrat93 macrumors 65816

    mrat93

    Joined:
    Dec 30, 2006
    #8
    I believe it's based on assumption as well. I tether for kids in school every so often, and occasionally my laptop. I use MyWi. No notice from AT&T here.
     
  8. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #9
    What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

    I mean, I can understand the other thread that's simply debating the "emotional debate" aspect of it...but this one is advertised as an actual 'how to' kind of thread. Seems odd that you can do this but I can't tell you where to steal an app from.
     
  9. Thedeathbear macrumors 6502a

    Joined:
    Apr 18, 2010
    #10
    Is breaking your contract illegal? No, it isn't.
     
  10. QuarterSwede macrumors G3

    QuarterSwede

    Joined:
    Oct 1, 2005
    Location:
    Colorado Springs, CO
    #11
    There's only one problem with this theory. The Atomic Browser can fake user strings and it's an app in the app store.

    My personal theory is that it's just based on usage. They may be using more than that but it seems like only people with higher usage are being given notices. I've used TetherMe to use Personal Hotspot with minimal usage and I've received nary a notice.
     
  11. drummr macrumors regular

    Joined:
    Feb 17, 2011
    #12
    The only problem I see with the high usage theory, is that one guy who used 180+gb in a month supposedly hasn't received anything from at&t. Then again he could have and isn't saying.
     
  12. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #13
    It's simple. They are sniffing the TCP/IP protocol packets. All they need to know is where they came and where they are going. Not hard. With that they can see that X packet came from something connected to the iPhone, not the iPhone itself.

    Well, what I said is a brutal simplification, but in general thats how they know. These was one of the reasons for the BenM hack, it eliminated this risk because it made it look as if all traffic was generated by the iPhone itself.
     
  13. normwood macrumors 6502a

    normwood

    Joined:
    Sep 12, 2008
    Location:
    In a house...duh!
    #14
    You could....um....try paying for it...then they won't bother you.

    Was that technical enough?

    Steve
     
  14. IBradMac, Mar 24, 2011
    Last edited: Mar 24, 2011

    IBradMac macrumors 68000

    IBradMac

    Joined:
    Jun 27, 2008
    Location:
    Ohio
    #15
    I tend to agree.

    Anyone using over 10 gb is abusing. I surfed a lot these last two months over tethering and the highest I could reach is 4-5 GB. That seems responsible imo.:apple:

    You really think AT&T would go through that kind of trouble? They couldn't handle ANY of the iPhone launches. Their servers crapped out. And theres also the fact that they have been working out a deal with TMO, I doubt they'd hire and spend time researching the "5%" of data abusers. Just doesn't make sense... it's gotta be a hunch and randomly choosing abusers.
     
  15. Pink∆Floyd macrumors 68020

    Pink∆Floyd

    Joined:
    Nov 21, 2009
    Location:
    Up There
    #16
    So this will prevent AT&T from discovering unauthorized tethering?

    Are you sure?
     
  16. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #17
    So the purpose of this thread is to figure out how to avoid paying AT&T what they're rightfully due when tethering. :rolleyes:
     
  17. mtnDewFTW macrumors 6502a

    Joined:
    Oct 26, 2009
    Location:
    San Francisco, CA
    #18
    Like other users already said, excessive usage. It's easy to tell who's tethering by simply looking at their data usage. Or at least that would be their first lead. If they see that some person is hogging a lot of data on their network, then they'll start to investigate. So bottom line, if you tether without paying, don't use a lot of data.
     
  18. bachelier thread starter macrumors member

    Joined:
    Mar 20, 2011
    #19
    Please kindly use the following thread to express your frustration: :)

    AT&T Cracking Down on Unauthorized Tethering

    link: http://forums.macrumors.com/showthread.php?t=1119791&highlight=

    This thread is for technical discussions only.

    Sincerely,
     
  19. bachelier thread starter macrumors member

    Joined:
    Mar 20, 2011
    #20
    Well according to this guy (rkahl) usage doesn't matter.

    http://forums.macrumors.com/showthread.php?t=1119791&highlight=
     
  20. rjohnstone macrumors 68040

    rjohnstone

    Joined:
    Dec 28, 2007
    Location:
    PHX, AZ.
    #21
    Nope... won't work.
    That was the Android trick.
    Those people are getting popped too.

    wap.cingular is the old MediaNet pipe (GPRS and EDGE) and MMS connection.
    It's used primarily for MMS traffic and fallback data when not on a 3G signal.
    All newer AT&T phones use the Phone APN for data and the Broadband APN for tethering.

    Anyone having high usage on the wap.cingular APN will raise a red flag for sure.
     
  21. bachelier thread starter macrumors member

    Joined:
    Mar 20, 2011
    #22
    A good idea would be to just call the bastards and ask them.

    Try technical support and see if you can get an answer. ;)
     
  22. wordoflife macrumors 604

    wordoflife

    Joined:
    Jul 6, 2009
    #23

    ^^ Haha, that part was funny.

    I am assuming that they are targeting people whose demand for data is great. Then they look at the packets to confirm.
     
  23. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #24
  24. LapsangSouchong macrumors 65816

    LapsangSouchong

    Joined:
    Jul 15, 2010
    Location:
    the burrows
    #25
    As with most things: even if it works now (which, who knows) it won't for long.
     
Thread Status:
Not open for further replies.

Share This Page