Related
I recently read in a post about whether AT&T can tell if you are tethering. This is the response that another user here posted:
thekurrgan said:
Truth: They can tell you are tethering via ANY conveyance that uses IPNAT.
If it uses IPNAT, then the TTL is reduced by 1 since there is another hop. This is how they tell. This little bastardly monitoring technique is deployed on all "enhanced backhaul" sites and is slowly being added to the rest of their towers that are UMTS or better. A simple defeat is using a proxy type of program.. at that point there is absolutely no way they can prove you are tethering, since all packets actually ARE originating from the phone. I personally installed a squid server and set my devices to use it.
Click to expand...
Click to collapse
My Inspire is rooted, running CM7, and I tether very seldom. I am however going to be traveling soon, and will probably be tethering much more often. Can someone kindly tell me how to set up this "squid" server, or point me to a guide somewhere? Is it an app for the phone, a tool installed on my laptop, or a combination of both? This all sounds pretty foreign to me, so any help would be appreciated..
Thanks in advance..
..........
Some more fodder on Squid:
http://www.squid-cache.org/
knarfl1 said:
Some more fodder on Squid:
http://www.squid-cache.org/
Click to expand...
Click to collapse
Thanks for the reply. I checked out that site earlier, and it was way over my head. I also noticed that you mentioned SSH Tunnel but you edited it. I actually installed that already, but have no clue how to set it up. By looking at both links, I'm assuming I need applications installed on both my laptop, and phone. Am I correct in assuming that the host name I need to enter on SSH Tunnel is the name of the squid (or other) server on my laptop?
As far as Squid goes, is there anything else out there that is a little more novice friendly in terms of installation?
I'm beginning to think this whole thing may be a little over my head, and should just tether sparingly. Guess I'm a little paranoid..
ddiehl said:
Thanks for the reply. I checked out that site earlier, and it was way over my head. I also noticed that you mentioned SSH Tunnel but you edited it. I actually installed that already, but have no clue how to set it up. By looking at both links, I'm assuming I need applications installed on both my laptop, and phone. Am I correct in assuming that the host name I need to enter on SSH Tunnel is the name of the squid (or other) server on my laptop?
As far as Squid goes, is there anything else out there that is a little more novice friendly in terms of installation?
I'm beginning to think this whole thing may be a little over my head, and should just tether sparingly. Guess I'm a little paranoid..
Click to expand...
Click to collapse
I realized SSH Tunnel wasn't much of a help so I removed it.
What the unnamed person is talking about is basically you need to have your phone point to a proxy for apps that access the mobile network.
Whether AT&T knows rogue tether users by non-ATT APNs or natted IP bounce, proxy will hide the usage and make you anonymous.
So,
You need to configure your phone to point to a proxy. Since Android doesn't have proxy features, you need to modify system files (don't want to do that) or install a proxy app (like ProxyDroid) to point to a proxy server (in the unnamed network guy's case, a caching proxy server running Squid.)
Now the question is do you have a proxy that you can point your phone to?
I've noticed PDANet tethering app (v 5.01) for iPhone now has hide usage feature. Hide usage feature is not yet implemented for Android version.
IMO, if you use the tethering sparingly, you will be ok.
I'm using my transformer at school and the school is providing wifi to its students. But there are apparently some odd restrictions associated with it. No app of mine is allowed to access the internet with the exception of browsers and also I'm not allowed to download anything (it just says "download unsuccesful" no matter what I download or from where). I've tried to look for a reson for this and I found out that it might be some firewall settings on the computer that is hosting the wifi, I also asked the school's IT guy and he said that it's likely to be the reason. But the thing is that all the people with computers and iPhones can use applications that use the internet with no problems at all. This makes me think that the wifi host regards me as dangerous or suspicious for some reason, and because it does allow computers and iPhones to use apps that access the internet and are allowed to download files, I think that it might be fixable. Perhaps there are some particular settings that make the wifi host's security to regard me as dangerous and doesn't allow my apps to go to the internet. So what do I have to do for my apps to be able to access the internet and to be able to download files? I really want to know this, because many of the useful apps require internet and by not using them I'm not taking the full advantage of the device. I should also mention that my tablet is running 3.2.1.
But have you tried asking them about letting you use your "netbook" on their netbook. What's the worst they can do? say NO TABLETS ALLOWED? Because unless they know your exact MAC address, they probably won't be able to do anything about it. In my old school, I brought up that I would like to connect my windows mobile device to their network (when I was using it as an mp3 player) and they said sure (they had terrible firewalls which blocked most every site that was fun). Sometimes, the best kind of hackery is the social kind.
Dyskmaster said:
But have you tried asking them about letting you use your "netbook" on their netbook.
Click to expand...
Click to collapse
What do you mean by that?
norsul said:
What do you mean by that?
Click to expand...
Click to collapse
I guess his telling you to ask for permission to use your netbook on their network.
Well first of all I'm using a tablet running android 3.2.1. And I'm kind of confused by your use of the word network, because I said that I can use the school's wifi network for students, but only to some extent, meaning that none of my apps with the exception of the browser are not allowed to access the internet e. g. android market, google translate don't work, they just say that they are unable to connect to the network or something similar. Also downloading any file from anywhere is not allowed, it says download unsuccessful. But iPhone user's apps work perfectly fine. From this I concluded that there must be something about my tablet that makes their security think my apps are dangerous and therefore blocks them, and that because there is no such problem on iOS, I thought that the might be something wrong with my end, and that it it fixable. And my question was what do I need to do to fiz this? I hope that clarifies my point.
statsminister said:
I guess his telling you to ask for permission to use your netbook on their network.
Click to expand...
Click to collapse
yes, thanks, I was kinda in a hurry when I typed that
Ask your school's IT department. Network configurations can be quite complex, and without knowledge of how or what they're blocking- it's hard for us to help. IT would know the issue better, or at least give the explanation as to why it isn't working. For instance, last year at my college nothing but computers were allowed to connect to the wifi. Such control can be done on the network side, and it may not be your tablet's fault.
Have you any friends with an Android device, or better yet android tablet?
I did ask the IT guy and he said that he has no control over the security settings, because it's a network across all of the schools in the city, not just the school in which I am.
Hey, I've tried using dropbox at school and then it says "cache access denied", maybe that can somehow clarify my problem.
settings
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
colint3 said:
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
Click to expand...
Click to collapse
That's only to allow installing apps not from the Market (sideloading). It has nothing to do with an app working or not.
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reason, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
a.mcdear said:
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reason, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
Click to expand...
Click to collapse
No, I do not no anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting some ip address ( I presume that it is an ip adress because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies or is i a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
norsul said:
No, I do not no anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting some ip address ( I presume that it is an ip adress because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies or is i a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
Click to expand...
Click to collapse
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your schools proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
a.mcdear said:
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your schools proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
Click to expand...
Click to collapse
That sounds awesome maybe you could make the app id buy it
I found two apps on the android market : proxydroid and ssh tunnel, do you think they would help me to bypass the school's proxy?
And by the way, how legal is this business? I mean I doubt that the school would send be to jail for using google translate but I'm still curious.
Legal issues are a potential problem, but its doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
a.mcdear said:
Legal issues are a potential problem, but its doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
Click to expand...
Click to collapse
Ok thanks, wifi network in the school is free for all students so I should be ok. But what about those apps I mentioned before?
And how would I protect myself from geting caught and what is the likelyhood of me getting caught? Can they immediately notice it if someone's trying to bypass their firewall or not? I should point out that the it manager in our school knows quite little about the sexurity system or ao he told me when I asked him whether my problem is somehow connected to their security settings, but the network is not pwned by the school, it's owned by the city and it is present in many schools beside mine, so I think that they might take their security seriously. So basically what I am trying to say is that if I investigate this matter, come there and bypass the proxy so that the youtube app works, is it likely that I am going to get caught, and if yes then what are the ways of minimising the risk (please bear in mind that I have not experience in this)? I'm asking this because I think it's not a very good idea to just walk in and hack the network without any experience and expect that there is no possibility of getting caught.
No neither of those apps are really the solution to your problem. There isn't currently an app for Android that will set up encapsulation like I'm talking about.
And yes, your IT manager at school "might" be able to catch you, but only if he's specifically looking for it. What this basically does is encapsulate your regular IP traffic inside DNS packets (or pings for the icmptx method), which are generally allowed to pass through firewalls and content filters. Basically, it is detectable if your network administrator is looking in the right place and knows his stuff. There would either look like a constant stream of DNS requests from a particular IP on the school network, or a constrant stream of ICMP traffic (pings) being sent out. However both ICMP and DNS are normal for any network, so its also equally possible that the administrator never notices that anything is wrong at all...
Some more sophisticated networks may employ transparent DNS or transparent proxy, which would make these efforts much harder. Transparent proxy is able to intercept any traffic and force it through the proxy at school, while transparent DNS is able to intercept DNS traffic and force it to use a specific DNS server regardless of settings on your tablet.
Like I said in the beginning though, these are really advanced networking tricks that certainly aren't easy to set up, even when all the components are readily available.. its possible they haven't even been attempted yet on an Android device. That said, it shouldn't be difficult to port either icmptx or nstx over to Android for somebody with the requisite programming skills.
Koush, they guy behind Clockworkmod has come up with another little gem you might want to try. It is a tether app that bypasses most carrier restrictions and allows easy data tethering of your phone to your PC/Mac/Linux computer. Another little plus: It does NOT require root!
Below is his post on Google+ where you can download the relevant client, and it pushes the APK over to your phone. (Make sure USB debugging is enabled.) It is still in Alpha so may not work for everyone, but we know from his previous work that all kinks will eventually be ironed out.
https://plus.google.com/103583939320326217147/posts/1Yy1jb9z4TA
suggest spoofing your browser's user agent
Serious bump to this post. I've got eight days left on the free trial and intend to throw down the five bucks once it asks, no question. Thanks Koushik and anyone else involved, and thanks wnp_79 for calling some XDA attention to this. I'd be interested in knowing how it works it greater detail. Here's the google play link: https://play.google.com/store/apps/details?id=com.koushikdutta.tether
This is a godsend as I'm in a situation where I suddenly need to tether a lot and my T-Mobile USA plan is, or at least the lady claimed, super unlimited, no cap whatsoever and no throttling. Hard to believe, and I'm in LTE areas. The only asterisk is that I pay extra if I want to tether, and there is a limit on tethering, no unlimited, and I don't know if they're looking for tethering or if they're focusing on their bigger problems. Even works on Linux, even lets me do other things like ssh. But one thing this app and its proxy magic do not do is change your browser's user agent string. That leaves you vulnerable to carrier detection based on what browser you're using.
So, to be a little extra safe in case your carrier is sniffing for that, if you're going to be doing this a lot and going heavy on the data, perhaps change (spoof) your computer's browser's user agent (how it identifies itself to servers) from its default to a mobile device, ideally identical to what you use on your phone. To do this without installing anything onto your browser, check this guide, http://www.howtogeek.com/113439/how...user-agent-without-installing-any-extensions/. For example this can be done easily in Firefox's about:config.
Or, use extensions/addons.. For Chrome, User-Agent Switcher for Chrome (https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg) works. For Firefox, User Agent Switcher (https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/). I've used both, they work (watched my own server logs to be sure) and seem legit. Downside is that you'll be seeing some mobile-formatted sites but hey, possibly-safer scofflaw tethering.
Dev @anonify came up with a seemingly awesome app called Orxy, with paid add-on Orxify; together they integregrate your droid's built in VPN capabilities with the IP-scrambling, onion accessing power of Orbot. It's quick, its easy, its very fast.
However, many hours of searching and I still can't tell if this is really a secure way to access the Deep Web.
For a start, you have to buy a monthly subscription through the Play Store in order to tunnel your data and hide the fact you are using Orbot. So Orxy has your Google details (who evidently have your bank/personal information) right off the bat. That's OK, I guess, theres nothing inherently wrong with that.
However, the difficulty for me arose when saw this article - www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-****
So - if you use this app, will your IP addresses, logon/off times, or bandwidth usage be logged somewhere? Is that possible with the native Android VPN, whether locally or by Orxy? Can, as in the above article, someone be subpoenaed to give up said information? Or worse, can it be found locally on your machine if it fell into the wrong hands?
Basically, if you want good privacy and security on the Deep Web, will you be OK using this app, or is it infinitely better to use a third party VPN which takes Bitcoin payments and stores absolutely nothing?
Personally, why use a phone for it? Just pay for a vpn, run tor, tweak other settings and viola, explore freely. Your isp will see encrypted traffic coming for your IP but not see you using tor
Sent from my Oneplus One using Tapatalk
I would also recommend using a computer
Lähetetty minun A0001 laitteesta Tapatalkilla
Well I wanna be able to look at an AK-47 for sale on the way to or from work, cos that's when I most feel like owning one (joke)
But seriously. For the same reasons we use a phone instead of a computer for so many things - portability. Smaller, better battery life - cheaper. All these things.
Also I believe there to be far more security flaws with the major OS's, so in theory Android is more secure. Or might be. That's what I'm trying to find out, anyway
When using just orxy/orxify, everything (in terms of traffic) happens locally on your phone. The app doesn't store anything or contact any external service. Just routes traffic through tor running locally on your phone. Security here depends on what you have running on your phone and who has access to it. With tunneling, the app contacts an external proxy with the outgoing tor traffic with an extra layer of encryption. I made a diagram here:
http://forum.xda-developers.com/showpost.php?p=65332501&postcount=366
The proxy does not log IPs. It only sees encrypted tor traffic, so it can't know the data or the destination. At most, someone with access to the proxy would know that a connecting IP is accessing Tor. If they know that IP is yours, then they would know you were connecting to tor, but not what you were doing (within the limits of tor security). They would have to gain access to the proxy while you were actively tunneling tor to do this.
Is it possible to setup an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
EvanVanVan said:
Is it possible to setup an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
Click to expand...
Click to collapse
I'm kinda confused by your question in the first part. On what hardware do you intend to do the blocking? on your android device or on a remote/local server? if you intend to do that on android, then here are some things to consider:
There is the Root method, which I assume based on your question you don't want.
Then there is the rootless method, which is basically an exploit of a loophole in how android handles VPNs. Apps like Blokada and such supposedly establish a VPS locally and block DNS blacklisted requests by leveraging the VPN permission. you can use different apps to monitor them and see what goes out, but you most likely won't find anything suspect.
If you're that paranoid, I suggest using the web server feature in the Adaway app, which lets you use your own host list/DNS block list, sign it yourself for your phone to Trust (as trusted agent or CA certificate) and apply. Ofc doing it with adaway takes away (literally) the convenience of a self updated list, so you have to find your own lists and update it regularly for maximum block-ness.
Slim K said:
I'm kinda confused by your question in the first part. On what hardware do you intend to do the blocking? on your android device or on a remote/local server? if you intend to do that on android, then here are some things to consider:
There is the Root method, which I assume based on your question you don't want.
Then there is the rootless method, which is basically an exploit of a loophole in how android handles VPNs. Apps like Blokada and such supposedly establish a VPS locally and block DNS blacklisted requests by leveraging the VPN permission. you can use different apps to monitor them and see what goes out, but you most likely won't find anything suspect.
Click to expand...
Click to collapse
Thank you, that is super helpful information on how ad blockers work on non-rooted devices. I am not rooted (after Google started automatically updating Pixels I decided the hassle of manually flashing updates and the loss of Android Pay (at the time) wasn't worth it).
I have a Wireguard VPN server on a FreeNAS server at my house. I'm not sure what blokada can track and/or conceivably redirect my traffic using their own DNS server (?). If I can set up a "VPS" and DNS blocking using publicly available lists through my own VPN or a FreeNAS jail/port or my router, I'd prefer to do that.
Maybe I'm overthinking this though haha...
Thanks
EvanVanVan said:
Thank you, that is super helpful information on how ad blockers work on non-rooted devices. I am not rooted (after Google started automatically updating Pixels I decided the hassle of manually flashing updates and the loss of Android Pay (at the time) wasn't worth it).
I have a Wireguard VPN server on a FreeNAS server at my house. I'm not sure what blokada can track and/or conceivably redirect my traffic using their own DNS server (?). If I can set up a "VPS" and DNS blocking using publicly available lists through my own VPN or a FreeNAS jail/port or my router, I'd prefer to do that.
Maybe I'm overthinking this though haha...
Thanks
Click to expand...
Click to collapse
I can relate heavily on the google pay front, but I'm a power user through and through. not having total control freaks me out so root is a must for me, so i gave up using it.
Regarding the host/adblock setup, i do think you're overthinking it. A router with openwrt is basically 80% already pre-configured with dnscrypt and the tools necessary. Using FreeNAS jail, there are sooooo many tuts online for that, i won't even need to tell you how myself. Personally, I use a PI-hole in my home and wireguard/cha cha20 protocol on my router, the webserver feature from adaway on my phone and haven't seen an ad in almost 2 years now.
Slim K said:
I can relate heavily on the google pay front, but I'm a power user through and through. not having total control freaks me out so root is a must for me, so i gave up using it.
Regarding the host/adblock setup, i do think you're overthinking it. A router with openwrt is basically 80% already pre-configured with dnscrypt and the tools necessary. Using FreeNAS jail, there are sooooo many tuts online for that, i won't even need to tell you how myself. Personally, I use a PI-hole in my home and wireguard/cha cha20 protocol on my router, the webserver feature from adaway on my phone and haven't seen an ad in almost 2 years now.
Click to expand...
Click to collapse
Pi-Hole in a jail seems like it's exactly what I'm looking for. I'll look into getting that set up. Thank you!
EvanVanVan said:
Is it possible to setup an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
Click to expand...
Click to collapse
All you need is to maintain the hosts file in Android's /system/etc.