I am using manjaro Linux, And create a Hotspot with create_ap script I spoof my mobile and laptop to have the same MAC address
What can I do so they can not detect I am using my mobile connected to my laptop with a Hotspot?
Asked
Active
Viewed 307 times
0
-
2How would the isp know? – yeah_well Nov 19 '19 at 18:42
-
...and why would they care? – Esa Jokinen Nov 19 '19 at 20:39
-
You Assume that they do care – Sina M Nov 19 '19 at 20:41
-
@EsaJokinen Many ISPs in the US (not sure about other areas) offer "hotspot access" as an added option for an extra charge, so they may have a financial incentive to detect and block you if you're using a hotspot without paying extra for it. – user Nov 19 '19 at 20:55
-
Ok. Welcome to Finland, the country of unlimited mobile data. – Esa Jokinen Nov 20 '19 at 03:10
2 Answers
3
It is not easy or depending on your usage pattern it might even be impossible to fully hide the use of multiple devices on a single ISP connection. It also depends on the effort an ISP is making to detect such "abuse" and on its willingness to fight such abuse even if he is not 100% sure since detections might result in false positives.
The usual way to have multiple devices on a single link is to use NAT. But this can be detected by the ISP because of differences on the devices TCP/IP stacks which allow passive OS fingerprinting. Additional changes are done to the packets by the NAT itself, like decreasing the TTL and maybe changing the source port. See Detecting NAT Devices using sFlow and A Technique for Counting NATted Hosts for some more information. And there are actually DPI libraries used by ISP which offer the capability to detect the use of NAT and the number of devices behind it.
Using a proxy (e.g. HTTP proxy like squid) instead of doing NAT hides these differences since all TCP/IP connections now originate from the same system. Still, unusual usage pattern like a User-Agent header in the browser which does not match the detected OS or different User-Agent headers from the same system might give the ISP a clue that multiple devices (or browsers) are involved. While the User-Agent header could be set to some fixed value inside a proxy there or other methods for detection, like having multiple cookies for the same site or having multiple fingerprints for the TLS stack.
Steffen Ullrich
- 184,332
- 29
- 363
- 424
-1
NAT all your internal traffic behind the Hotspot device so you ISP will only see 1 device (IP address) connected and sending traffic to internet.
ravasquezgt
- 1
- 2
-
Use of multiple devices behind a NAT can actually be detected and at least some DPI libraries used by mobile providers offer such capabilities. See [Can ISP distinguish/identify devices behind NAT?](https://security.stackexchange.com/questions/187195/can-isp-distinguish-identify-devices-behind-nat) or [Detecting NAT Devices using sFlow](https://sflow.org/detectNAT/) for more information. – Steffen Ullrich Nov 19 '19 at 19:16