Verizon Cracks Down On Jailbreak Tethering

tekgoblin writes "Verizon, like AT&T has now started blocking jailbroken phones from using un-sanctioned tethering apps. Verizon will now require users to be subscribed to a mobile tethering plan to be able to use tethering at all." So which mobile company's actually any good for 3G tethering, voice service aside? My Virgin Mobile MiFi (bought under a plan no longer available) is theoretically unlimited and "only" $40/month, but has had too much downtime for my taste, and atrocious customer service.

Re:How do they tell?

[Anonymous Coward]

Highly illegal deep packet inspection. :) It breaks a ton of privacy laws put in place by the Fed AND local governments.

Re:How do they tell?

[Anonymous Coward]

Phone based traffic is sent via their WAP gateway where as tethered traffic isn't, at least that's what someone said in a previous article on the subject. If thats true then all they need to do is monitor all non WAP traffic and compare where it's coming from against the people paying for tethering.

This is not true. WAP was for phones before they had browsers that could read full HTML. The WAP server acted as a proxy and converted the HTML down to a subset that the phones could handle. This stopping being true with the advent of modern smartphones that can do standard HTML.

While I can't say for sure, as they could be doing something I'm not aware of, my guess is it's just simple DPI which means the previous posters suggestion of using your tether to make a VPN tunnel back to your home router/server should work. Might need to check for client sigs in VPN tunnel setup as a laptop client like Cisco AnyConnect might give itself away durning initial tunnel setup.

However if you run up the bytes I'm guessing you'll still hear from them.

Re:How do they tell?

[tlhIngan]

How do they even tell tethered traffic from non?

Easy.

First, a little background.

A cellphone data connection goes through a gateway. It's not a traditional TCP/IP link, but it sure looks like one from the mobile side. What happens is the TCP/IP packets are encapsulated by the modem, forwarded to the base station, and the base station determines which gateway to use.

In GSM, the gateway is chosen by the APN you enter (or your phone automatically uses). CDMA is different, but it effectively looks up the gateway for you.

The gateway does things depending on the plan you buy. Consider the entirety of data plans available - unlimited "social networking" for feature phones, unlimited data for blackberries, gigs and gigs for smartphones, 1-2GB for laptop, each of which is increasing in price. The reason for this is service differentiation. The lowest and cheapest plan probably uses well defined proxy servers that only forward to specific hosts. The blackberry plans go to specific blackberry networks. The smartphone plans often have stuff like transparent proxying (caching plus stuff like recompression), firewalling (HTTP/HTTPS/SMTP/POP/IMAP only is typical), NAT (multiple layers).

Laptop data plans (MiFi's and the like) often stick you behind a simple NAT, but are otherwise free from other firewalling. And if you pony up $$$, you can often get VPN plans that give you a real life IP address and no firewalling.

Guess what? These firewalls also note what traffic isn't making it thorugh. Various ping probes, odd port traffic, stuff like that gets logged. Use a Windows machine and it's easy from traffic that no smartphone will ever generate.

Those who use their phone as a modem (PC does TCP/IP) are the first to trigger the alerts, those who use SSH-SOCKS (phone does TCP/IP) are harder to tell (all packets originate from phone, traffic not using proxy isn't seen), in which case they have to see if connections are made to odd ports and the like (e.g., if you try to ssh to a host).

Other techniques are a bit of packet identification and link utilization - you can easily tell a smartphone from a PC just by the way the browsers create network traffic, for example (especially with smartphone plan transparent proxies)

You think carriers are stupid for selling 2GB laptop plans when you can get 5GB smartphone plans for half the price?

Re:How do they tell?

[Tuxedo Jack]

It depends on the device you're using.

In Android and Windows Mobile 6.5/6.1/5, your NAI (network access identifier) changes based upon the type of traffic you're pushing. Tethered traffic and DUN changes your NAI to yournumber@dun.vzw3g.com. Traffic from the phone itself is simply yournumber@vzw3g.com.

Verizon has poisoned EVERY phone with Gingerbread - they have modified the OS so that activating any hotspot app, even if the phone is rooted, to trigger the NAI change and show the phrase "Tethering or Hotspot Active." The only SAFE way to tether on a Verizon phone is to run Froyo, then use free-wifi-tether's 3.x version. Alternatively, install CyanogenMod and then you can tether.

For iOS? Hell, you're screwed any way you turn.