Friday, March 18, 2011

Tethering mobile devices for free

In today's glorious world of mobile computing and smartphones, the line which separates "mobile devices" from actual computers is becoming increasingly blurred and will soon disappear entirely.

Many individuals have taken to using their smartphones as broadband connections for other devices such as laptops and netbooks in a process commonly known as "tethering". As far as convenience goes, the benefits are pretty clear: a single, portable Internet access point for use with whichever device is most readily available at the time.

Unfortunately many providers in various countries have taken steps to either reduce or profit from this activity by either making tethering a violation of their terms of service, or offering a separate "tethering package" - which essentially amounts to making you pay an additional service overhead whenever you want to use your phone as a modem for another device.

Legality and ethics aside, this article isn't meant to focus on the why, but rather on the how. Specifically, how can they tell you're tethering, and what can be done to circumvent it? We'll approach these one at a time.

How can they tell?

All IP packets have a field known as the TTL. This stands for the Time To Live. Every "hop" a datagram takes from one router to the next on the way to its destination reduces the TTL by one. Once the TTL reaches zero, the packet is dropped.

This functionality was implemented so that packets affected by some routing error and which find themselves going in a circle will eventually simply disappear as soon as their TTL reaches 0, instead of snowballing into a packet storm. All routing devices do this, and generally it's a Good Thing.

All operating systems have a standard TTL set on outgoing datagrams up to a maximum possible value of 255. Let's assume that both your Windows laptop and your iPhone have a TTL of 128. When you connect to the Internet directly from your phone, the data packets leave the device and hit your network provider's router (the first hop) with a TTL of 128. The router will decrement the value by one to 127 as the packet leaves their network on its way to the Internet.

On the other hand if you're connecting from a laptop using your iPhone, the phone itself is acting as a router and any packets originating on the laptop will have a TTL of 127 as soon as they hit your provider's router. In this way they can see that there was an additional network hop before the packet reached them, and from this they logically deduce that the iPhone is tethered to a laptop/notebook/whatever.

Okay, so how can we get around that?

The most obvious solution is to modify the TTL of the datagrams at their source. If, as in the example above, the TTL on your iPhone is set to 128, changing the default TTL on your laptop to 129 will mean that after the value is decremented by your phone, the provider will receive a packet with the expected TTL of 128. To them it will appear as though you're browsing directly from your phone.

Unfortunately there is one caveat: If the TTL on your mobile device is set to 255, I'm afraid you're shit-outta-luck. Seeing as the TTL is an 8-bit field in IPv4 packets, it can only accomodate 256 possible values: 0 - 255. You cannot possibly set it to 256 on any device ever. Fortunately in most circumstances this is not the case.

According to Deutsche Telekom Laboratories (PDF), "The default IP TTLs of popular MHDs (mobile hand-held devices) differ from those of the most commonly used home OSs. The default TTL of iPhones/iPods and Macs is 64, Symbian uses 69, while Windows uses 128. This enables us to separate MHD usage from regular PC."

To modify the default TTL in Windows, do the following:
  1. Click on Start and Run (or Search) and type "regedit" to open the Windows registry editor.
  2. Navigate to the following registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
  3. In the right-hand pane, right-click and select "New - DWORD (32-bit value)" and set its name to "DefaultTTL" and its value to anything between 0 and 255.
On Unix-like operating systems, the TTL is usually set to 64. In BSD or OS X you can easily change it using sysctl to modify net.inet.ip.ttl. For Linux, simply modify the net.ipv4.ip_default_ttl sysctl variable. To make the changes persist across reboots, add the changes to /etc/sysctl.conf. If you're unfamiliar with using sysctl, be sure to read the man page before proceeding.

A few last thoughts.

Already a few possible questions pop up in my head.

"Why not just spoof my User Agent when browsing?" I have always been and remain against spoofing of User Agents. Not only does it damage the efficacy of legitimate browser statistics, but it simply does not work. It's like a burglar who begins to meow after being caught red-handed in the hope that you'll assume he's a kitten and leave him alone. Any device, application or extension that promises to protect you by spoofing your UA is snake oil.

"Isn't there some other way that they can tell?" Frankly yes, but you don't need to worry about it. This would require deep packet inspection, and for any ISP who would benefit from disallowing or charging for tethering, DPI would be prohibitively expensive.

"Can I get in trouble doing this?" No. Changing the default TTL on your laptop/netbook/PC is absolutely not prohibited by any law. Just don't e-mail your mobile provider boasting about how you "cleverly" circumvented their tethering policy. You'll find your contract voided painfully fast.

"Can I damage my computer or my network doing this?" As long as you don't set the TTL inordinately low nor go out of your way to do stupid things with firewalls, you'll be fine. Imagine a TTL set to 5 and after a 4-hop loop the packet arrives back at your router. The loop will continue indefinitely until you reboot the router.

In summary, TTLs are serious business!

Good luck and have fun!

Monday, March 14, 2011

Guilt, denial and groupthink

As is normal for a group of people who work together, every once in a while at our office an email gets sent out - usually by the boss - hilighting and chastising some egregious behaviour; be it anything from unprofessional conduct with a client to a lack of hygene in the bathroom.

A personal observation is that, usually without variance, every member of our staff (bear in mind, we are a small company of only 8 employees, all sharing a single office) replies with some form of indignation at the behaviour described. Seeing as at least one member of staff must be guilty of said behaviour, the fact that there is a universal display of scorn introduces an ostensible paradox.

From a purely cognitive point of view, this phenomenon never ceases to fascinate me, and I believe it treads into the realm of a branch of mathematics known as game theory.

When the original email enters the wilderness of the office network, the initial reaction of everyone involved is to speculate as to whom the guilty party might be; a zero-sum game is created. By responding with (sincere or pseudo) indignation, the individual believes himself to be removed from the pool of possible suspects. However, the consequences of this behaviour are purely mathematical and fully predictable.

As the pool of possible suspects shrinks, so does the likelihood increase that more individuals will react with this form of veiled denial in order to remove themselves from the pool and eliminate any chance of suspicion. Of course, the guilty party (or parties) must play this game too, in order to avert suspicion. This eventually leads to the absurd conclusion that everyone appears to be in equal disgust at behaviour in which at least one of the parties involved must surely have participated. Thus, everyone involved ends up looking even more foolish.

This is a variation of the so-called prisoner's dilemma that is occasionally found in game theory. As the dilemma itself illustrates, the best possible outcome for all parties involved is to accept, each and equally, some measure of the guilt and for no single individual to deny any burden of the guilt. In this way, the shared guilt amounts to less of a loss than the shared foolishness of the absurdity of a universal denial in the face of evidence to the contrary.

The dilemma, of course, is that none of the parties involved cooperates, even though it's in everyone's best interest to do so.

In this example we see mathematical principles being highlighted in our daily interactions, and not simply being relegated to the notebooks of mathematicians.