Verizon Cracks Down On Jailbreak Tethering

tekgoblin writes "Verizon, like AT&T has now started blocking jailbroken phones from using un-sanctioned tethering apps. Verizon will now require users to be subscribed to a mobile tethering plan to be able to use tethering at all." So which mobile company's actually any good for 3G tethering, voice service aside? My Virgin Mobile MiFi (bought under a plan no longer available) is theoretically unlimited and "only" $40/month, but has had too much downtime for my taste, and atrocious customer service.

Re:How do they tell?

[tlhIngan]

How do they even tell tethered traffic from non?

Easy.

First, a little background.

A cellphone data connection goes through a gateway. It's not a traditional TCP/IP link, but it sure looks like one from the mobile side. What happens is the TCP/IP packets are encapsulated by the modem, forwarded to the base station, and the base station determines which gateway to use.

In GSM, the gateway is chosen by the APN you enter (or your phone automatically uses). CDMA is different, but it effectively looks up the gateway for you.

The gateway does things depending on the plan you buy. Consider the entirety of data plans available - unlimited "social networking" for feature phones, unlimited data for blackberries, gigs and gigs for smartphones, 1-2GB for laptop, each of which is increasing in price. The reason for this is service differentiation. The lowest and cheapest plan probably uses well defined proxy servers that only forward to specific hosts. The blackberry plans go to specific blackberry networks. The smartphone plans often have stuff like transparent proxying (caching plus stuff like recompression), firewalling (HTTP/HTTPS/SMTP/POP/IMAP only is typical), NAT (multiple layers).

Laptop data plans (MiFi's and the like) often stick you behind a simple NAT, but are otherwise free from other firewalling. And if you pony up $$$, you can often get VPN plans that give you a real life IP address and no firewalling.

Guess what? These firewalls also note what traffic isn't making it thorugh. Various ping probes, odd port traffic, stuff like that gets logged. Use a Windows machine and it's easy from traffic that no smartphone will ever generate.

Those who use their phone as a modem (PC does TCP/IP) are the first to trigger the alerts, those who use SSH-SOCKS (phone does TCP/IP) are harder to tell (all packets originate from phone, traffic not using proxy isn't seen), in which case they have to see if connections are made to odd ports and the like (e.g., if you try to ssh to a host).

Other techniques are a bit of packet identification and link utilization - you can easily tell a smartphone from a PC just by the way the browsers create network traffic, for example (especially with smartphone plan transparent proxies)

You think carriers are stupid for selling 2GB laptop plans when you can get 5GB smartphone plans for half the price?