On Tue, Jul 05, 2011 at 06:46:07PM -0700, Shane R. Spencer wrote:
> I'd be interested in knowing how they can detect rooted phones if the
> mobile network is simply an ethernet interface on the phone. Which it
> is.
It probably gets wrapped up in ethernet frames at some point, but
there's such a protocol soup involved that calling it an ethernet
interface is.. over-simplistic, at best.
But, purely speculating, there could be an application running on the
phone that phones (hah!) home or otherwise identifies with the network.
Once rooted, this application goes away, revealing the phone to be
rooted.
It's also possible through traffic analysis; for example, if you change
your nameservers.
I'm not aware of anyone doing this, but given telecom paranoia about
handsets, and people more than willing to sell them things, it's not
outside the realm of possibility.
> You can't even detect tethering at that point without scanning the
> traffic to find requests that are obviously not being delivered to a
> mobile web client - which is utterly inconclusive.
It's actually not utterly inconclusive. There are quite a few
organizations specializing in DPI that will do this sort of thing for
you. Perhaps not 100% reliably, but up there.
From what I've seen, though, most of the focus is on the top users on
the network. Once you've pegged them (the 10% that use 90% of your
bandwidth), you start analyzing the crap out of them to find ways of
either re-educating them or ditching them entirely, or most preferably,
charging them for it.
-- Michael Fowler www.shoebox.net --------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.Received on Tue, 5 Jul 2011 18:54:29 -0800
This archive was generated by hypermail 2.1.8 : Tue Jul 05 2011 - 18:56:18 AKDT