<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Forem: François Dautrême</title>
    <description>The latest articles on Forem by François Dautrême (@fdtm).</description>
    <link>https://forem.com/fdtm</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1490283%2Fdc711545-1281-4fe2-b009-3b3111ec76ae.jpeg</url>
      <title>Forem: François Dautrême</title>
      <link>https://forem.com/fdtm</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://forem.com/feed/fdtm"/>
    <language>en</language>
    <item>
      <title>Is your ISP blocking you from sharing your internet connection?</title>
      <dc:creator>François Dautrême</dc:creator>
      <pubDate>Sun, 04 Aug 2024 07:14:50 +0000</pubDate>
      <link>https://forem.com/fdtm/is-your-isp-blocking-you-from-sharing-your-internet-connection-2cc4</link>
      <guid>https://forem.com/fdtm/is-your-isp-blocking-you-from-sharing-your-internet-connection-2cc4</guid>
      <description>&lt;p&gt;The other day, I faced a frustrating issue while trying to share my iPhone's internet connection with my MacBook. Although I could connect to the hotspot, there was no internet access on my MacBook, despite having a stable connection on my iPhone. It was puzzling.&lt;/p&gt;

&lt;p&gt;I tried every basic troubleshooting step I could think of: restarting both devices, toggling the hotspot, and forgetting and reconnecting to the network. None of these worked. The iPhone has limited hotspot settings and even fewer troubleshooting options, leaving me stuck.&lt;/p&gt;

&lt;p&gt;Here are some of the troubleshooting options I considered:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Trying with another MacBook (which I didn’t have)&lt;/li&gt;
&lt;li&gt;Trying with another iPhone (which I didn’t have)&lt;/li&gt;
&lt;li&gt;Trying with another carrier&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The last option seemed feasible. I downloaded an eSIM app from the App Store, purchased a data plan from a different carrier, and activated it on my iPhone. Then, I connected my MacBook to the new hotspot. Success! My MacBook had internet access.&lt;/p&gt;

&lt;p&gt;However, switching back to my original carrier's data plan caused the connection issue to reappear. I wondered if my carrier was blocking me from sharing my internet connection, but I couldn't see how they would detect it. I reviewed my contract for any clauses about internet sharing—none existed. The carrier's website also lacked information on this matter. A call to customer service resulted in them denying any such restrictions.&lt;/p&gt;

&lt;p&gt;Before venting my frustration on social media, I did some research. I discovered that some ISPs block internet sharing by checking the TTL (Time to Live) of the packets. The TTL is a value in an IP packet that determines how many routers the packet can pass through before being dropped; it decrements by one each time the packet passes through a router.&lt;/p&gt;

&lt;p&gt;ISPs can detect whether you're sharing your internet connection by examining the TTL value of packets. Typically, a device like your MacBook will send packets with a TTL value of 64. However, when these packets pass through your iPhone (acting as a hotspot), the TTL is reduced by one, arriving at the ISP with a TTL of 63. Some ISPs drop these packets to prevent internet sharing.&lt;/p&gt;

&lt;p&gt;To bypass this, you can set the TTL value on your MacBook to 65. This way, when the packets are routed through your iPhone and reach the ISP, the TTL will be 64, making them appear as if they originated directly from your iPhone.&lt;/p&gt;

&lt;p&gt;To test this, I decided to change the TTL of the packets on my MacBook to 65. I opened Terminal and ran the following commands:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;sudo &lt;/span&gt;sysctl &lt;span class="nt"&gt;-w&lt;/span&gt; net.inet.ip.ttl&lt;span class="o"&gt;=&lt;/span&gt;65
&lt;span class="nb"&gt;sudo &lt;/span&gt;sysctl net.inet6.ip6.hlim&lt;span class="o"&gt;=&lt;/span&gt;65
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It worked instantly! My MacBook gained internet access, confirming that my ISP was indeed blocking me from sharing my connection. Despite this proof, another call to customer service resulted in them hanging up on me when I explained the situation.&lt;/p&gt;

&lt;p&gt;Now, everything works perfectly, and I can share my iPhone’s internet connection with my MacBook. Problem solved, and I’m happy.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;This is for educational purposes only. Please respect your ISP's terms and conditions. If you encounter a similar issue, contact your ISP for assistance.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>internet</category>
      <category>isp</category>
      <category>hotspot</category>
    </item>
    <item>
      <title>Boost your Cloud Security with Network ACLs in your VPC</title>
      <dc:creator>François Dautrême</dc:creator>
      <pubDate>Wed, 22 May 2024 22:29:39 +0000</pubDate>
      <link>https://forem.com/fdtm/boost-your-cloud-security-with-network-acls-in-your-vpc-6c7</link>
      <guid>https://forem.com/fdtm/boost-your-cloud-security-with-network-acls-in-your-vpc-6c7</guid>
      <description>&lt;p&gt;In the digital age, safeguarding your cloud infrastructure is paramount. While security groups offer basic protection for your network interfaces, Network Access Control Lists (&lt;a href="https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" rel="noopener noreferrer"&gt;NACLs&lt;/a&gt;) provide an added layer of defense against potential threats. This blog post will explore the benefits of incorporating NACLs into your Amazon VPC, empowering you to fortify your cloud security posture.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"Through 2025, 99% of cloud security failures will be the customer's fault."&lt;br&gt;
Source: &lt;a href="https://www.gartner.com/smarterwithgartner/is-the-cloud-secure" rel="noopener noreferrer"&gt;Gartner, Is the Cloud Secure?&lt;/a&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h2&gt;Network ACLs: A Powerful Line of Defense&lt;/h2&gt;

&lt;p&gt;A NACL acts as a virtual firewall, governing inbound and outbound traffic at the subnet level within your VPC. By implementing NACLs, you gain granular control over the flow of traffic, allowing you to define precise rules that dictate which traffic is permitted or denied.&lt;/p&gt;

&lt;p&gt;The Advantages of Using NACLs in Your VPC:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Enhanced Security Posture&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;With NACLs, you can establish comprehensive security policies tailored to your specific requirements. Whether you need to restrict access to critical resources or isolate sensitive workloads, NACLs provide the flexibility to implement robust security measures.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Granular Traffic Control&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;NACLs enable you to meticulously manage traffic at the subnet level, ensuring that only authorized traffic reaches your resources. This level of control is particularly valuable when dealing with complex network architectures or handling sensitive data.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Ability to Use 'Deny' Rules&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Security groups operate on an allowlist model, where you define which traffic is permitted, while all other traffic is implicitly denied. In contrast, NACLs offer a more flexible approach by enabling you to create explicit 'deny' rules that block specific traffic flows. This feature is particularly valuable when you need to block traffic from untrusted IP addresses or restrict access to sensitive resources.&lt;/p&gt;

&lt;p&gt;By combining 'allow' and 'deny' rules, you can construct intricate security policies that precisely control the flow of traffic within your VPC, providing an additional layer of protection beyond the capabilities of security groups alone.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Compliance and Regulatory Adherence&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Many industries and regulatory bodies mandate stringent security protocols. By incorporating NACLs into your VPC, you can demonstrate your commitment to meeting these standards, fostering trust among your customers and stakeholders.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Defense against Distributed Denial of Service (DDoS) Attacks&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;NACLs can play a crucial role in mitigating the impact of DDoS attacks by filtering out malicious traffic before it reaches your resources, minimizing potential disruptions and ensuring service availability.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;Implementing NACLs: A Step-by-Step Approach&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Identify Your Security Requirements&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Begin by assessing your specific security needs and the resources that require protection. This will help you develop a comprehensive ruleset tailored to your environment.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Create and Associate NACLs with Your Subnets&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Within the Amazon VPC console, create NACLs and associate them with the relevant subnets. By default, NACLs allow all inbound and outbound traffic, so you'll need to define rules to restrict or allow specific traffic flows.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Define Inbound and Outbound Rules&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Craft rules that govern inbound and outbound traffic based on your security requirements. Consider factors such as IP addresses, protocols, and port numbers to ensure only authorized traffic is permitted.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Monitor and Adjust&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Continuously monitor your NACLs and adjust the rules as needed to accommodate changes in your environment or emerging security threats.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;




&lt;p&gt;Implementing NACLs in your Amazon VPC is a proactive step towards fortifying your cloud security posture. By harnessing the power of granular traffic control and tailored security policies, you can safeguard your resources and ensure compliance with industry standards.&lt;/p&gt;

&lt;p&gt;Explore the Amazon VPC &lt;a href="https://aws.amazon.com/vpc/" rel="noopener noreferrer"&gt;documentation&lt;/a&gt; to learn more about configuring NACLs and enhancing your cloud security. Stay vigilant and take control of your cloud environment with this robust security measure.&lt;/p&gt;

</description>
      <category>cloud</category>
      <category>security</category>
      <category>aws</category>
    </item>
  </channel>
</rss>
