50
7
The Internet package that I'm using allows up to two devices to be connected to the Internet at one time. One of those slots is taken up by the host computer and the other by someone else's device not related to what I'm doing.
If I were to connect a virtual machine to the Internet, would that count as a third device? Or would it just use the host's connection?
Zerbu
Posted 2017-07-24T02:11:41.783
Reputation: 483
79
Most ISP usually don't have visibility on the actual number of devices connected on your home because you are behind a router (that probably runs a NAT that assigns each of your home devices an internal IP).
As far as the ISP can see, there is only 1 connection (via your router) to the ISP. How many devices behind the router is usually not visible. Unless each devices have their own public IP (which is usually not the case).
If the ISP somehow has visibility of how many devices connected to the router and using this information to determine how many devices in your house - as long as your VM network is on NAT mode, it will be fine (as the connectivity is behind your host machine).
If you set it to Bridging mode (where the VM will have its own IP in the LAN) - it will be then detected as the 3rd device as the VM will need its own IP address on the LAN.
Edit (Credit to TheCatWhisperer):
It is incorrect to say that they cannot see how many devices you are using if you use your own router. Unless ALL your requests are encrypted, they can simply examine the user agent string sent in most requests. Whether they would actually go to this trouble or not, who knows.
Darius
Posted 2017-07-24T02:11:41.783
Reputation: 4 817
Comments are not for extended discussion; this conversation has been moved to chat.
– DavidPostill – 2017-07-25T17:48:01.437iirc, ISPs in the US inspect the MAC address to determine the number of connected devices. I actually had a router in a previous work place which could fake the MAC address specifically to overcome this restriction. – Tsahi Asher – 2017-07-26T15:21:50.007
1@TsahiAsher: Do ISPs even see MAC addresses behind a router? – user541686 – 2017-07-26T17:21:51.847
4The user-agent sniffing approach would break even with legitimate usage - a lot of iOS apps who do HTTP traffic have their own user-agents, so there's no way they would be doing something like this as they'd get more false positives than anything else. – André Borie – 2017-07-26T18:17:14.063
@Mehrdad i believe they can, perhaps through the ARP protocol. – Tsahi Asher – 2017-07-27T10:58:49.233
5
I had a similar restriction (Fastweb Italy), it was enough to connect a router to the modem/router of the ISP. Make the router create its own NAT with its own pool of IPs.
Doing so the ISP will only see a single device connected.
To avoid problems when you need assistance from them, set the MAC address and the name of the router to the ones of one of your devices. Doing so they will not see the router but a computer.
Fez Vrasta
Posted 2017-07-24T02:11:41.783
Reputation: 221
Italian here. I am not sure those restrictions are legal in our country. Do you have a link about the terms and conditions that force you to use a maximum number of devices? – Andrea Lazzarotto – 2017-07-25T14:03:37.260
It happened several years ago, I think they removed this limitation already. It was just something set in the modem/router that limited the devices connected at the same time – Fez Vrasta – 2017-07-25T14:18:49.617
1Gosh, that's outrageous. – Andrea Lazzarotto – 2017-07-25T16:53:35.617
2
It depends what they're looking at.
When you make web requests over HTTP (not HTTPS) your browser will send a "user-agent", identifying your platform and browser and browser version, this is how in the UK some of the mobile networks detect and warn if they detect tethering (which is against their terms). For this they will need to be doing Deep Packet Inspection (DPI).
The other way they may detect an additional device is if you typically use a Linux machine and then you start connecting to Windows Update and vice versa.
As others have mentioned if your ISP provides your router they may be able to work out what devices are connected but if it is your own router they will not be able to see LAN activity only that which goes out on to the Internet which will instead be masked by your router.
So specifically for whether your ISP has supplied a router and can detect activity on the LAN is the following:
Hypervisors typically offer 3 options for virtual machine connectivity.
Bridged - which is where the OS will let it send commands over the network directly (i.e. device appears like another device directly plugged into your network)
NAT - Shares the address of the host computer.
Internal/Host - Doesn't communicate directly with the wider network you are connected to.
See also VirtualBox's manual for VirtualBox specific explanation although others may be different they typically offer similar functionality.
Matthew1471
Posted 2017-07-24T02:11:41.783
Reputation: 1 112
2Wouldn't that false positive on some reasonably common privacy tricks? – not store bought dirt – 2017-07-25T20:58:11.827
Well on the mobile network example they're only expecting Android, iPhone or Windows Mobile.. Seeing a desktop user-agent (i.e. Windows 8.1 means the user must be tethering). The common privacy tricks might not involve fundamentally changing the platform part of the UA but even if they do It's difficult for us to know for sure how they enforce their policy... but these are the methods I'm aware of. – Matthew1471 – 2017-07-28T17:33:12.640
@Matthew1471 what if you use the "request desktop website" mode? It seems unreliable – Fez Vrasta – 2017-07-29T08:51:52.043
It's up to the network provider how they implement this. I couldn't comment. Even with the "desktop website" there may be some tell tale signs that it's still a mobile (i.e. a fictitious version number). – Matthew1471 – 2017-10-20T17:25:24.573
54"The Internet package I'm using allows up to two devices to be connected to the Internet at one time." I have never heard of such a restriction and I'd be curious to learn how they implement it. Could you share which ISP this is? – Luc – 2017-07-24T06:02:47.423
18You should ask your ISP about this. Only they will know their own mind. – Stig Hemmer – 2017-07-24T07:04:30.380
13Is not the situation that the ISP's device (modem or whatever) does not perform NAT (network address translation) by default and the limitation to two devices is for the situation where the two devices would be assigned public IP addresses? --- Similar conditions could apply to a connection offered by UPC Czech Republic for example. – pabouk – 2017-07-24T08:30:43.603
20You question can be interpreted in multiple ways: "Can my ISP detect it?" (in which case Darius' answer applies) or "Does it violate my ISPs Terms Of Service?" (which only your ISP can answer) or "If it violates my ISPs Termin Of Service, are those terms even legal?" (which only a lawyer and probably a case in court can answer). – Heinzi – 2017-07-24T08:42:32.097
@Luc: my ISP would be able to detect it because the single devices would all have IPv6 addresses. – PlasmaHH – 2017-07-24T09:15:57.097
@PlasmaHH My device has multiple IPv6 addresses. Did they actually ring you up for the detection of too many devices, or are you speculate that an ISP could determine it that way? – Luc – 2017-07-24T09:59:08.753
1@Luc: Every device has multiple v6 addresses, it depends on the scope. My ISP doesn't have any of this nonsense device restrictions, but I know they can detect how many IPTV streaming clients I am running, it is connected to their account database. – PlasmaHH – 2017-07-24T10:48:40.203
@Luc: I have seen this case a long time ago: the ISP was registering a MAC address and providing the IP only to that registered device. They were providing you a cable terminated by a RJ45 to be plugged into your computer. Then came routers affordable for consumers, then came firmware where you could just clone the MAC and the whole idea vanished. – WoJ – 2017-07-24T19:11:34.913
2You could just always plug in another router into their modem. That would count as a single device, yet allow other clients to connect to it for internet. – zzarzzur – 2017-07-24T19:47:00.757
1
Related: https://android.stackexchange.com/questions/47819/how-can-phone-companies-detect-tethering-incl-wifi-hotspot (How do mobile carriers detect tethering?)
– usr-local-ΕΨΗΕΛΩΝ – 2017-07-25T07:54:23.027@zzarzzur: How do you know that this counts only as a single device? Is that clearly spelled out in the Terms of Service of the OP's ISP? Personally, if I were selling such a plan, I would specify on the ToS that devices behind a router do count as separate devices, and I would also count VMs. Usually, providers which go to the trouble of specifying such limits are careful to consider such cases. – Jörg W Mittag – 2017-07-25T21:34:53.080
@JörgWMittag How would they detect it housing multiple devices behind it? As long as it's providing NAT, it'll translate the requests and appear to come from one device. You can even change its MAC address to your computers to make it even less obvious. As long as you purchase a known router that can be secured, the ISP has utterly no idea. Heck I don't even need to use a router, i can just right click on my connection in Windows and check "Share internet connection" and allow my other devices to go through my computer. – zzarzzur – 2017-07-25T21:38:22.613
Please qulairfy: What is an internetpackage? And how you can decide one/require to have a license for it? This question seems to make no sense in the state it is right now. – Zaibis – 2017-07-26T14:39:47.340
@zzarzzur: What does it matter? The question isn't whether they can detect it (and BTW, you can do some pretty sophisticated traffic analysis given today's processing power to detect traffic flows from multiple devices), the question is whether it "counts as a separate device". What does and doesn't count as a separate device is spelled out in the contract the OP signed, and has nothing to do with NAT. – Jörg W Mittag – 2017-07-27T06:59:48.193