From Zhishi Xingqiu (Knowledge Planet)

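How can a phone acting as a hotspot to share its data traffic with multiple terminals be identified?

That is: now that operators are promoting unlimited data plans, traffic volume has surged. A single UE going online is fine, but the worry is users who turn on a hotspot to share the network with everyone. For such hotspot users, the live network can apply per-user rate limiting. What is the principle behind this? (That is, how are such users identified?)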
A: In English this is called tethering detection. Tethering refers to the use of a mobile smartphone as a USB dongle/modem to provide
Internet connectivity to PC devices (laptops, PDAs, tablets, and so on) running on the smartphone's data plan. Typically, for
smartphone users, most operators have in place an unlimited data plan, the usage of which is intended to be from the smartphone as
a mobile device. However, some subscribers use the low cost / unlimited usage data plan to provide Internet connectivity to their
laptops in places where normal Internet connection via broadband/WiFi may be costly, unavailable, or insecure.
The common methods are these:
1 - TTL detection: If the value of TTL is less than the expected value, they can assume that there is tethering. However you can tweak
Windows / Linux to send a higher value than usual.
2 - User-agent sniffing and OS fingerprinting: When your browser requests a page, it sends its user agent, version and other
parameters. Networks can detect if the version of Chrome or Firefox is a desktop version. The other thing that is easy to detect is OS.
Check this if you want to know how much they can detect of you.
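1) For traffic shared through a hotspot, the TTL value is 1 less than normal. 2) Track whether the operating system is desktop Windows and whether the browser is a desktop browser (the HTTP User-Agent header).
Cisco supports these three, see the attachment:
• TTL-based tethering detection
• UA-based tethering detection
• OS-based tethering detection
Later, with IPv6, monitoring can also be based on the interface-id.
PS: TTL is the ttl field in the IP header, used to prevent loops in an IP network. It must be decremented by 1 when passing through a layer-3 device. The hotspot phone is effectively a layer-3 gateway.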
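A: So it amounts to the hotspot phone replacing the 192.168 addresses it assigned to each connected UE with a private address starting with 10, while also decrementing the TTL by 1?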

Look at the parts marked in red in the figure, and the note in the last line.
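An added example (not from the original thread or from Cisco) that combines the TTL-based and UA-based checks described above, so a subscriber whose TTL looks normal can still be flagged by a desktop User-Agent. The expected hop count, the UA tokens, the function names and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Widely used initial TTL values; a sender is assumed to start from one of these.
INITIAL_TTLS = (64, 128, 255)
# Substrings that appear in desktop browser User-Agent strings (assumed token list).
DESKTOP_UA_TOKENS = ("Windows NT", "Macintosh", "X11; Linux")

def ttl_hops(observed_ttl):
    """Hops travelled, assuming the nearest common initial TTL at or above the observed one."""
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

def tethering_signals(packets, expected_hops=0):
    """Return {subscriber: sorted list of signals seen}.

    packets: iterable of (subscriber, ip_ttl, http_user_agent_or_None).
    expected_hops: layer-3 hops between a UE and the observation point
                   (assumption; 0 means the probe sits at the first hop).
    """
    signals = defaultdict(set)
    for subscriber, ttl, user_agent in packets:
        hits = signals[subscriber]          # creates the entry even with no signal
        # The hotspot phone is a layer-3 gateway, so tethered packets lose one extra hop.
        if ttl_hops(ttl) > expected_hops:
            hits.add("ttl")
        # A desktop browser on a mobile subscription points to a tethered PC.
        if user_agent and any(tok in user_agent for tok in DESKTOP_UA_TOKENS):
            hits.add("ua")
    return {sub: sorted(hits) for sub, hits in signals.items()}

# Constructed sample records (subscriber ids, TTLs and UA strings are made up).
SAMPLE = [
    ("sub-A", 64, "Mozilla/5.0 (Linux; Android 13) Mobile"),         # phone itself
    ("sub-B", 127, "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),     # Windows PC behind hotspot
    ("sub-C", 64, "Mozilla/5.0 (X11; Linux x86_64)"),                # TTL looks normal, UA does not
    ("sub-D", 63, None),                                             # no HTTP header visible
]

if __name__ == "__main__":
    for sub, hits in tethering_signals(SAMPLE).items():
        print(sub, hits or "no tethering signal")
```
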