How is ATT discovering tethering? And possible Countermeasures!

Discussion in 'iPhone' started by bachelier, Mar 24, 2011.

Thread Status:
Not open for further replies.
  1. bachelier macrumors member

    Mar 20, 2011
    This thread is to discuss the technical aspects of how AT&T knows that people are tethering and possible countermeasures to use (besides stopping tethering).

    Please keep this discussion technical. For legal, ethical and emotional debates, visit the thread AT&T Cracking Down on Unauthorized Tethering
  2. SandboxGeneral, Mar 24, 2011
    Last edited: Mar 24, 2011

    SandboxGeneral Moderator emeritus


    Sep 8, 2010
    Theory: I think it's an assumption based on excessive data usage by the user.

    Countermeasure: Stop being a cellular bandwidth hog.
  3. Applejuiced macrumors Westmere


    Apr 16, 2008
    At the iPhone hacks section.
    That's a good question.
    If it's just based on high usage there isn't much countermeasure though.
  4. bachelier thread starter macrumors member

    Mar 20, 2011
    I'll start with the first theory.

    The way they are most likely doing this and the way most carriers do it is using some deep packet inspection kit or maybe even a transparent proxy. They can look for browsing traffic on port 80 then simply pick out any users where the user agent string is that of a computer OS so Windows|Mac|Linux.

    Countermeasure (CM):
    Two options to get around it are:
    1. either change your browser's UA to that of the iPhone, although this will often give you mobile sites, or 2. better still, send everything down a VPN; that way it's encrypted and they can't see what you're doing, just how many bytes :) High VPN usage shouldn't be odd either, as the iPhone has a VPN client, so you could feasibly be using that.
    This was posted by Sammachin, who used to work for a carrier.
  5. bachelier thread starter macrumors member

    Mar 20, 2011
    Thanks. I'd like to see if we can use our collective brain power and individual experience trying different countermeasures (CM) to come up with (1) a good answer to how they detect tethering and (2) a good countermeasure.

    If I try something and get nabbed only once then we can check it off and try something else. No need for all of us to experience the same stuff.
  6. jesusplay macrumors 6502a

    Sep 6, 2007
    change apn settings to wap.cingular.....problem solved..the default is "phone"
  7. mrat93 macrumors 65816


    Dec 30, 2006
    I believe it's based on assumption as well. I tether for kids in school every so often, and occasionally my laptop. I use MyWi. No notice from AT&T here.
  8. Small White Car macrumors G4

    Aug 29, 2006
    Washington DC
    What I want to know is, why do threads on stealing pirated apps get shut down but threads on breaking carrier contracts stay up?

    I mean, I can understand the other thread that's simply debating the "emotional debate" aspect of it...but this one is advertised as an actual 'how to' kind of thread. Seems odd that you can do this but I can't tell you where to steal an app from.
  9. Thedeathbear macrumors 6502a

    Apr 18, 2010
    Is breaking your contract illegal? No, it isn't.
  10. QuarterSwede macrumors G3


    Oct 1, 2005
    Colorado Springs, CO
    There's only one problem with this theory. The Atomic Browser can fake user strings and it's an app in the app store.

    My personal theory is that it's just based on usage. They may be using more than that but it seems like only people with higher usage are being given notices. I've used TetherMe to use Personal Hotspot with minimal usage and I've received nary a notice.
  11. drummr macrumors regular

    Feb 17, 2011
    The only problem I see with the high usage theory is that one guy who used 180+ GB in a month supposedly hasn't received anything from AT&T. Then again he could have and isn't saying.
  12. jav6454 macrumors P6


    Nov 14, 2007
    1 Geostationary Tower Plaza
    It's simple. They are sniffing the TCP/IP protocol packets. All they need to know is where they came from and where they are going. Not hard. With that they can see that X packet came from something connected to the iPhone, not the iPhone itself.

    Well, what I said is a brutal simplification, but in general that's how they know. This was one of the reasons for the BenM hack; it eliminated this risk because it made it look as if all traffic was generated by the iPhone itself.
  13. normwood macrumors 6502a


    Sep 12, 2008
    In a house...duh!
    You paying for it...then they won't bother you.

    Was that technical enough?

  14. IBradMac, Mar 24, 2011
    Last edited: Mar 24, 2011

    IBradMac macrumors 68000


    Jun 27, 2008
    I tend to agree.

    Anyone using over 10 GB is abusing. I surfed a lot these last two months over tethering and the highest I could reach is 4-5 GB. That seems responsible imo.

    You really think AT&T would go through that kind of trouble? They couldn't handle ANY of the iPhone launches. Their servers crapped out. And there's also the fact that they have been working out a deal with TMO, I doubt they'd hire and spend time researching the "5%" of data abusers. Just doesn't make sense... it's gotta be a hunch and randomly choosing abusers.
  15. Pink∆Floyd macrumors 68020


    Nov 21, 2009
    Up There
    So this will prevent AT&T from discovering unauthorized tethering?

    Are you sure?
  16. maflynn Moderator


    Staff Member

    May 3, 2009
    So the purpose of this thread is to figure out how to avoid paying AT&T what they're rightfully due when tethering. :rolleyes:
  17. mtnDewFTW macrumors 6502a

    Oct 26, 2009
    San Francisco, CA
    Like other users already said, excessive usage. It's easy to tell who's tethering by simply looking at their data usage. Or at least that would be their first lead. If they see that some person is hogging a lot of data on their network, then they'll start to investigate. So bottom line, if you tether without paying, don't use a lot of data.
  18. bachelier thread starter macrumors member

    Mar 20, 2011
    Please kindly use the following thread to express your frustration: :)

    AT&T Cracking Down on Unauthorized Tethering


    This thread is for technical discussions only.

  19. bachelier thread starter macrumors member

    Mar 20, 2011
    Well according to this guy (rkahl) usage doesn't matter.
  20. rjohnstone macrumors 68040


    Dec 28, 2007
    PHX, AZ.
    Nope... won't work.
    That was the Android trick.
    Those people are getting popped too.

    wap.cingular is the old MediaNet pipe (GPRS and EDGE) and MMS connection.
    It's used primarily for MMS traffic and fallback data when not on a 3G signal.
    All newer AT&T phones use the Phone APN for data and the Broadband APN for tethering.

    Anyone having high usage on the wap.cingular APN will raise a red flag for sure.
  21. bachelier thread starter macrumors member

    Mar 20, 2011
    A good idea would be to just call the bastards and ask them.

    Try technical support and see if you can get an answer. ;)
  22. wordoflife macrumors 604


    Jul 6, 2009

    ^^ Haha, that part was funny.

    I am assuming that they are targeting people whose demand for data is great. Then they look at the packets to confirm.
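The two-stage check described in posts 4 and 22 (shortlist heavy users, then look at port 80 user agents), written out from the network operator's side as an added example that is not part of the thread. The flow records, the 5 GB threshold and all function names are constructed assumptions; the block also shows that the literal `Windows|Mac|Linux` match misfires on the iPhone's own user agent, which contains "Mac OS X".

```python
import re
from collections import defaultdict

GB = 10**9
# Constructed user-agent strings of the period (sample data, not captured traffic).
IPHONE_UA = ("Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3 like Mac OS X; en-us) "
             "AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8F190 Safari/6533.18.5")
WINDOWS_UA = "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"

# Constructed flow records: (subscriber, dst_port, bytes, User-Agent or None).
# None models payload the inspector cannot read, e.g. an encrypted VPN tunnel.
FLOWS = [
    ("sub-A", 80, 6 * GB, WINDOWS_UA),  # heavy user, desktop browser seen
    ("sub-A", 80, 1 * GB, IPHONE_UA),
    ("sub-B", 80, 7 * GB, IPHONE_UA),   # heavy user, phone traffic only
    ("sub-C", 1723, 8 * GB, None),      # heavy user, everything inside a VPN
    ("sub-D", 80, 1 * GB, WINDOWS_UA),  # desktop browser, but low usage
]

NAIVE = re.compile(r"Windows|Mac|Linux")              # pattern as quoted in post 4
MOBILE = re.compile(r"iPhone|iPod|iPad|Android|Mobile")
DESKTOP = re.compile(r"Windows NT|Macintosh|X11|Linux")

def is_desktop_ua(ua):
    """Desktop OS token present and no mobile token (rules out 'like Mac OS X')."""
    return not MOBILE.search(ua) and bool(DESKTOP.search(ua))

def classify(flows, threshold=5 * GB):
    """Stage 1: total bytes per subscriber. Stage 2: port 80 UAs of heavy users only."""
    usage = defaultdict(int)
    desktop_seen = defaultdict(bool)
    inspectable = defaultdict(bool)
    for sub, port, nbytes, ua in flows:
        usage[sub] += nbytes
        if port == 80 and ua is not None:
            inspectable[sub] = True
            desktop_seen[sub] |= is_desktop_ua(ua)
    result = {}
    for sub, total in usage.items():
        if total <= threshold:
            result[sub] = "not_inspected"   # never reaches stage 2
        elif desktop_seen[sub]:
            result[sub] = "desktop_ua"      # stage 2 confirms a computer behind the phone
        elif inspectable[sub]:
            result[sub] = "phone_only"      # heavy, but only phone user agents
        else:
            result[sub] = "opaque"          # only byte counts are visible
    return result

if __name__ == "__main__":
    for sub, verdict in sorted(classify(FLOWS).items()):
        print(sub, verdict)
```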
  23. Small White Car macrumors G4

    Aug 29, 2006
    Washington DC
  24. LapsangSouchong macrumors 65816


    Jul 15, 2010
    the burrows
    As with most things: even if it works now (which, who knows) it won't for long.