AT&T Cracking Down On Unofficial iPhone Tethering
An anonymous reader writes "AT&T is sending warning notifications to jailbroken iPhone users who use unofficial tethering methods like MyWi and PDANet. 'Customers are being notified that their service plans need updating to subscribe to a tethering plan, and that they will be automatically subscribed to a DataPro 4GB package that costs an additional $45 per month if they continue to tether.'"
USA #1 (Score:2, Informative)
But this is Apple's fault too. If you go with Windows phones you can tether how you want, as they only care about iPhone users and can't detect Windows traffic from other Windows traffic.
Re:USA #1 (Score:5, Informative)
Do Americans know that no one else in the world does this? Not in Europe, not in Asia. They sell you the service and you use it how you want.
O2 in the UK charge £7.50/mo for a tethering + 500MB bolt-on for consumer tariffs (you can't buy the tethering without the additional data). I believe 3 offer it free, but not sure about others.
Re:Detection (Score:5, Informative)
If you look at your bill, it shows how much data per day and when the sessions started and stopped. Short sessions are not counted separately, rather grouped into the previous or next major session. I tether, and I just checked my bill, currently about 2.5 g per month is what I am running on the high side.
Here is a sample from a few days of use last month:
336 MON 01/31/2011 9:23AM Data Transfer Data 222,366 KB DPPB AT GPRR Out 0.00
337 MON 01/31/2011 11:30AM Data Transfer Data 75,889 KB DPPB AT GPRR Out 0.00
338 MON 01/31/2011 11:02PM Data Transfer Data 513 KB DPPB AT GPRR Out 0.00
339 TUE 02/01/2011 12:02AM Data Transfer Data 4,323 KB DPPB AT GPRR Out 0.00
340 WED 02/02/2011 8:27AM Data Transfer Data 38,168 KB DPPB AT GPRR Out 0.00
341 WED 02/02/2011 11:32AM Data Transfer Data 107,778 KB DPPB AT GPRR Out 0.00
342 WED 02/02/2011 2:50PM Data Transfer Data 38,417 KB DPPB AT GPRR Out 0.00
Even if I was streaming Pandora all day, and surfing the internet, and using various network aware apps and YouTube (which would conflict with Pandora from an audio standpoint), it would still be hard to hit 220 meg between say 930am and 1130am on lines 336 and 337.
That would be a dead giveaway. They would not even have to use deep packet inspection to pull agent strings, or anything.
But like someone else said, they are probably just going to hit people that use exorbitant amounts of bandwidth, although as a security person, I could easily develop something automated to find the majority of those tethering without any human interaction required.
Re:USA #1 (Score:5, Informative)
Indeed, how do Americans fall for this stuff while people in other nations seem to be able to get better deals? Are we really just that dumb?
Not that much. The "will happily pay thousands of dollars because they're giving me a free phone now" is possible thanks to a logical fallacy called "hyperbolic discounting" [rochester.edu] -- the article in the link refers to lab animals, but it's proven that it works on humans, too. Simpler descriptions here [damninteresting.com] and here [wikimedia.org]. Of course it has been exploited and used as a marketing method for years ;) but this marketing technique is so widespread we don't even notice anymore.
And: not only Americans fall for this, and endless businesses all around the world use this trick to, well, screw us. We Europeans just like to think we are smarter than the yanks.
Re:Legality? (Score:5, Informative)
Tethering without a tethering plan breaches your contract, so they can refuse to provide service, request you pay more for your plan, or do about anything.
Re:Detection (Score:4, Informative)
The tethering app makes the network level requests look like they are coming from the phone because they are, but the application level packet data can easily enough be looked at to determine what type of traffic it actually is.
Even More Plus by T-Mobile (Score:4, Informative)
It's easy to detect NAT routers (Score:2, Informative)
Probably not - most likely this is just using NAT or whatever which isn't easily detected.
Ha! I wrote a paper on NAT detection and NAT client-counting in grad school. It's really easy.
1) Look for IP packets with weird TTLs. If any packet originating from a "normal" phone has a TTL of 128 or 64 or whatever, and you see a bunch of packets hitting your gateway with 127 or 63 TTL values, that means there's a network device (your phone's NAT software) between the packet-originator (computer that's tethered) and the network. It's *especially* glaring if you have a mix of TTL values, like 63 & 127, which means there are probably multiple machines behind the NAT (I think Linux/UNIX IP stack uses 128, and Windows uses 64, or maybe the reverse. But they're different).
2) IP packets have a header field called "IP ID" that is optional and the OS can do pretty much whatever it wants with it, *and* most NAT routers leave the field untouched (don't rewrite it). A lot of OSes use it as a universal packet-counter (every time a packet goes out, it increments the field by one), or some OSes increment the field every time a new source port is used to send a packet (which makes it much harder to count clients). If you see a pattern like this in the IP ID field of packets inbound to your network:
465,466,467,128,129,468,130,131,469,470,471,132
it's pretty obvious there are 2 computers talking through the NAT, one numbering 465-471, the other 128-132.
So yeah, it can be done, REALLY easily. Of course, you could easily write a stealth NAT routing algorithm that replaces all TTL values with 128 or 64, or re-writes the IP ID field to make it look like one machine, but as far as I know normal commercial products don't do that. Maybe the PDANet authors were smart enough to do that. But the things I outlined let you do it without deep packet inspection, you can just check the headers.
http://www.springerlink.com/content/u055738wk18835l0/ [springerlink.com]
Posting anon so you can't link my real identity (Kenneth Straka) to my Slashdot ID. :)
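The two header-only checks described in the comment above (TTL values one hop short of a common initial value, and interleaved IP ID counters), as an added example that is not code from the post or its linked paper. The function names, the `max_gap`, `min_len` and `direct_hops` parameters, the list of common initial TTLs, and the TTL values attached to the comment's IP ID sequence are assumptions made for illustration.

```python
# Added example: passive NAT detection from IP headers only (TTL and IP ID).
from collections import Counter

COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # common OS defaults (assumption)

def hops_from_initial(ttl):
    """Return (nearest common initial TTL >= ttl, hops travelled since then)."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl

def split_ip_id_streams(ip_ids, max_gap=64):
    """Greedily assign each IP ID to the counter it most plausibly continues."""
    streams = []
    for ip_id in ip_ids:
        best, best_gap = None, max_gap + 1
        for stream in streams:
            gap = (ip_id - stream[-1]) % 65536  # 16-bit field, wraps around
            if 0 < gap < best_gap:
                best, best_gap = stream, gap
        if best is None:
            streams.append([ip_id])  # no counter is close enough: new host
        else:
            best.append(ip_id)
    return streams

def estimate_hosts(packets, direct_hops=0, min_len=3):
    """packets: (ttl, ip_id) pairs seen from one subscriber address.
    direct_hops is how far below its initial TTL a packet sent by the
    subscriber device itself arrives at the observation point (assumption).
    """
    packets = list(packets)
    forwarded = Counter()
    for ttl, _ in packets:
        initial, hops = hops_from_initial(ttl)
        if hops > direct_hops:  # decremented by an extra router, e.g. a NAT
            forwarded[initial] += 1
    streams = split_ip_id_streams(ip_id for _, ip_id in packets)
    streams = [s for s in streams if len(s) >= min_len]  # drop random-ID noise
    return {
        "forwarded_initial_ttls": sorted(forwarded),
        "counter_streams": streams,
        "nat_suspected": bool(forwarded) or len(streams) > 1,
    }

# Constructed sample: the IP ID sequence from the comment, with made-up TTLs.
IDS = [465, 466, 467, 128, 129, 468, 130, 131, 469, 470, 471, 132]
SAMPLE = [(127 if ip_id >= 400 else 63, ip_id) for ip_id in IDS]

if __name__ == "__main__":
    print(estimate_hosts(SAMPLE))
```

On the constructed sample this separates the two counters (465-471 and 128-132) and reports both initial TTLs as forwarded. Hosts that randomize the IP ID field yield no usable counter stream, and a NAT that normalises TTL and rewrites IP ID, as the comment notes, removes both signals.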