Email or username:

Password:

Forgot your password?
BrianKrebs's posts Post Back to profile
Top-level
BrianKrebs

For the uninitiated, changing your computer's TTL won't have a negative effect on it. The TTL basically refers to the max number of network "hops" that a connection can make before it just times out.

The reason this works is that the default TTL for wireless connections is 64, but if you are tethering a computer behind your wireless connection, the tethered computer will be one fewer hops, 63, which allows the carrier to detect you're connecting from something other than your phone. By setting it to 65, your computer will appear to have the correct number of hops indicating a direct connection.

19 Nov 2023 at 1:22 | Open on infosec.exchange
18 comments
rmogull

@briankrebs One of the best things about qualifying for FirstNet was true unlimited tethering. This TTL trick is pretty great though.

19 Nov 2023 at 1:24 | Open on defcon.social
Carl

@briankrebs

Thanks for the explanation. I had assumed the throttling happened in the phone, not the tower (or wherever in the phone carrier's network). I was very puzzled why TTL would matter.

Personally, I just use Mint Mobile, which gives 5GB of high speed data per month for $15 with no restrictions.

19 Nov 2023 at 1:26 | Open on mstdn.party
Alan Miller :verified_paw:

@nitpicking @briankrebs TTL doesn't really matter on a technical basis except that it's a very easy to detect attribute of data packets, one that the equipment is already looking at because it has to adjust it down by one before sending the packet along.

On the other hand if you're tethering via USB to a phone speed issues might be due to most phone USB ports only doing USB2 speeds.

19 Nov 2023 at 1:37 | Open on infosec.exchange
BrianKrebs

@fencepost @nitpicking Yes, it apparently matters to some carriers, which seem to use the TTL as a lazy, easy way to restrict the use of their network to devices they (mostly) control.

19 Nov 2023 at 1:45 | Open on infosec.exchange
Ted Mielczarek

@fencepost @nitpicking @briankrebs USB2 maxes out at 480Mbps, which I don't think is going to be the limiting factor here. (Also most tethering is probably happening via WiFi hotspot these days.)

19 Nov 2023 at 3:11 | Open on mastodon.social
Brendan

@nitpicking @briankrebs

I've been using Mint Mobile for years. I love telling the Verizon or other sales person at Costco that I pay $15 per month and I just paid for a year. They leave me alone at that point.

19 Nov 2023 at 5:44 | Open on twit.social
MarkD

@nitpicking @briankrebs Yeah. I appreciate the TTL explanation as I was initially think DNS TTL and going what the ferk?

It's also exactly how one would expect a carrier to implement throttling. That is a lame implementation that sort-of, kinda, mostly works. A bit like the bandwidth limits on airport wifi that base it on the MAC address of your NIC.

19 Nov 2023 at 7:53 | Open on hachyderm.io
Michael Fisher

@briankrebs Sweet! Can we dork with the same setting with a netsh command on Windows?

19 Nov 2023 at 1:29 | Open on hachyderm.io
BrianKrebs

@mjf_pro yes it's very similar on windows.

19 Nov 2023 at 1:30 | Open on infosec.exchange
BrianKrebs

@mjf_pro netsh int ipv4 set glob defaultcurhoplimit=65

netsh int ipv6 set glob defaultcurhoplimit=65

19 Nov 2023 at 1:33 | Open on infosec.exchange
ticho

@briankrebs There is a great FOSS tool for detecting such tethering setups on the carrier side: en.m.wikipedia.org/wiki/P0f

We used it many years ago to detect freeloaders on a dormitory network which had per-user monthly fee. :)

I am mentioning it here so that those interested can look at some of the more advanced techniques for passive OS fingerprinting, by examining p0f's source code.

19 Nov 2023 at 1:54 | Open on mas.to
Jean-Francois Mezei

@briankrebs Prior to AT&T joining the GSM world, there were few if any differentiation between native use and tethering. Usage limits were very low anyways.
AT&T's negotiations for exclusive iPhone sales resulted in Apple providing different APN settings for tethering vs native use. Other handset makers followed and other carriers adopted it and became de-facto standard. This way, it is easy to block tethering at the APN level, restrict its speed etc while no impact on native use by handset.

19 Nov 2023 at 2:29 | Open on mstdn.ca
Diego Elio Pettenò

@jfmezei @briankrebs for what it's worth the different APN setup existed since tethering existed, in Europe.

Just a reminder that the world didn't start using mobile internet with the iPhone, even when NORAM might have.

19 Nov 2023 at 10:59 | Open on mastodon.social
Flare

@briankrebs is this an American thing? Blocking tethered computers. They don't do this in Oz?

19 Nov 2023 at 2:51 | Open on aus.social
DELETED

@flare2004 @briankrebs I’m in Australia too, and we don’t have tethering limits. Our phone plans are also about a quarter the cost of phone plans in the US. We have it good. Keep quiet.

19 Nov 2023 at 12:26 | Open on mstdn.social
Felix 🇨🇦 🇩🇪 🇺🇦

@briankrebs omg, using the TTL as a classifier for a tethered device is sneaky. How would you even start troubleshooting that? What if you set it higher? Do you then get labelled as a hacker?

19 Nov 2023 at 5:14 | Open on mstdn.io
Robert Sweetnam

@briankrebs you can change TTL with firewall rules on many LTE routers such as Mikrotik ones. Allows you to use a cheaper pay as you go SIM for data which would normally be restricted to one device:

help.mikrotik.com/docs/display

19 Nov 2023 at 8:34 | Open on md.epiphyte.ie
Go Up