Mobile phone network provider may place restrictions on how the users can use the mobile subscription:
- Type of device connecting to the mobile network
- Restricting sharing the connection with multiple devices
- Time to live (TTL) in the data packets
- Outward connection destination
Type of device connecting to the mobile network
Some requires the connection be made from a phone only. Two ways to not have your device blocked:
- Use a router that supports USB modems, plug your phone into it via USB, go into your phone’s tethering options and turn on USB tethering.
- Make your modem broadcast a different IMEI, maybe one from an old phone you have that you’ll never use at the same time on the same carrier network. This is possible with some modem models using third party software. This might not be legal and would definately be against the T&C’s.
Note IMEI identifies the type of device. https://en.m.wikipedia.org/wiki/International_Mobile_Equipment_Identity
Time to live (TTL) in the data packets
Time to live (TTL) or hop limit is a mechanism that limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data.
An ISP can use that number to determine if there has been extra hops between NAT’d devices. As a packet is passed to the next device, that TTL number decreases. This is to prevent packets wandering around the network. For example:
No sharing: Phone (64) -> ISP (63)
Hotspot: Tethered device (64) -> phone (63) -> ISP (62)
Home router: Endpoint (64) -> Wifi router (NAT) (63) -> Phone (62) -> ISP (61)
Different operating systems have different default TTLs. Typically Windows uses 128, Linux uses 64, etc.
Outward connection destination
A device connecting to a network for the first time will reach out to a certain URL to detect if it is on a captive portal or not.
This URL varies depending on the OS. For example, if you see a URL being dns.msftncsi.com, then it is likely a Windows PC connecting to the internet for the first time checking it has full internet access.
Using a DNS blocker like Pi-Hole or AdGuard may be useful in intercepting most of these requests but it’s impossible to know if it’s 100% effecive. The other possibility is using a VPN service to block the mobile network provider from seeing where the connections are destined.