Hello Mark, On Tue, Sep 7, 2021 at 4:01 PM Mark K Vallevand <mvallevand@xxxxx> wrote: > I would like to prevent downstream tethering. > Does anyone have any suggestions for doing that? AFAIK hostapd does not support such functionality. Moreover, tethering detection does not even sound like a hostapd related topic. You could apply some heuristic to detect tethering. Off the top of my head it is possible to monitor the radio channel looking for an AP with a BSSID that is very similar to a client MAC address. Or you could monitor client traffic for some anomalies: unusual TTL as an indication of a packet routing on the client side, unusual destination IP addresses like a desktop OS upgrade server request from a client that pretends to be a phone, etc. Just curious, why do you need to prevent tethering? If this is a security measure, then an intruder most probably could bypass all this heuristic. If this is some kind of an ISP policy, then a mid-trained user could quickly bypass all this heuristic as well, since most ISP tricks are already widely known. And since no perfect detection method exists, then you will need to deal with false-positive cases. Just my 2 cents. -- Sergey _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
