Re: Is there a way to detect if downstream clients are acting as access points?

Hello Mark,

On Tue, Sep 7, 2021 at 4:01 PM Mark K Vallevand <mvallevand@xxxxx> wrote:
> I would like to prevent downstream tethering.
> Does anyone have any suggestions for doing that?

AFAIK hostapd does not support such functionality. Moreover, tethering
detection does not even sound like a hostapd-related topic.

You could apply some heuristics to detect tethering. Off the top of my
head, it is possible to monitor the radio channel looking for an AP
with a BSSID that is very similar to a client MAC address. Or you
could monitor client traffic for some anomalies: unusual TTL as an
indication of packet routing on the client side, unusual destination
IP addresses like a desktop OS upgrade server request from a client
that pretends to be a phone, etc.

Just curious, why do you need to prevent tethering?

If this is a security measure, then an intruder most probably could
bypass all these heuristics. If this is some kind of an ISP policy, then
a mid-trained user could quickly bypass all these heuristics as well,
since most ISP tricks are already widely known. And since no perfect
detection method exists, you will need to deal with
false-positive cases. Just my 2 cents.

-- 
Sergey

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
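
The two heuristics named in the reply above (an AP whose BSSID is very close to a client MAC, and TTL values that indicate routing on the client side), as an added example that is not part of the original message and not hostapd code. The function names, the 4-bit similarity threshold, the list of common initial TTLs and all sample data are assumptions made for illustration.

```python
# Added example, not from the original thread. All names are hypothetical,
# the sample data is constructed, and both thresholds are assumptions.
COMMON_INITIAL_TTLS = {64, 128, 255}  # assumed OS default initial TTLs
MAX_MAC_BIT_DISTANCE = 4              # assumed meaning of "very similar"

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def mac_bit_distance(a, b):
    """Number of differing bits between two 48-bit MAC addresses."""
    return bin(mac_to_int(a) ^ mac_to_int(b)).count("1")

def similar_bssids(client_mac, scanned_bssids, own_bssids=()):
    """BSSIDs seen on air (excluding our own APs) close to the client MAC."""
    own = {mac_to_int(b) for b in own_bssids}
    hits = [(b, mac_bit_distance(client_mac, b)) for b in scanned_bssids
            if mac_to_int(b) not in own]
    return sorted((h for h in hits if h[1] <= MAX_MAC_BIT_DISTANCE),
                  key=lambda h: h[1])

def routed_ttl_share(ttls):
    """Share of packets whose TTL is exactly one below a common initial TTL,
    i.e. packets that crossed one router before reaching our AP."""
    if not ttls:
        return 0.0
    return sum(1 for t in ttls if t + 1 in COMMON_INITIAL_TTLS) / len(ttls)

def assess_client(client_mac, ttls, scanned_bssids, own_bssids=(), min_share=0.2):
    """Return human-readable reasons; an empty list means nothing was flagged."""
    reasons = [f"BSSID {b} differs from client MAC by {d} bit(s)"
               for b, d in similar_bssids(client_mac, scanned_bssids, own_bssids)]
    share = routed_ttl_share(ttls)
    if share >= min_share:
        reasons.append(f"{share:.0%} of packets arrived with TTL one hop low")
    return reasons

# Constructed sample input: one scan result and two associated clients.
OWN_BSSIDS = ["00:11:22:33:44:55"]
SCAN = ["00:11:22:33:44:55", "a6:5e:60:12:34:57", "3c:84:6a:9f:01:c2"]
CLIENTS = {
    "a4:5e:60:12:34:56": [64, 64, 63, 63, 127],  # mixes own and forwarded traffic
    "f0:18:98:aa:bb:cc": [64, 64, 64, 64],       # only locally originated traffic
}

if __name__ == "__main__":
    for mac, ttls in CLIENTS.items():
        print(mac, assess_client(mac, ttls, SCAN, OWN_BSSIDS) or "no indicators")
```

A non-empty result is a lead to investigate rather than proof, in line with the false-positive caveat in the reply.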


