Network throttling tools

There are scenarios when you'd want to throttle your connection to simulate inferior connectivity. For instance, you may want to see how your application behaves over a slow network connection. There are complex methods available, but I found some simpler ways to achieve this:

For applications running on some standard protocol such as HTTP you can easily introduce a proxy such as squid to control the rate of traffic. At a higher level, it becomes even simpler in browsers with plugins such as Firefox Throttle and IE Throttle.

However if you want to test a standalone application in which it is not possible to introduce a proxy, you can throttle the network traffic at the lower layer of the network stack.

In Linux, it is possible to introduce throttling at interface level using traffic shaping. You can write traffic shaping rules to control the traffic; however I've found those rules a bit complex. There are scripts available that can do the job for you. One good such script is

The most useful tool I found for network throttling was wondershaper. It worked like a charm for me. Installing it was as simple as "sudo apt-get install wondershaper" on Ubuntu. Usage is very straightforward:

wondershaper eth0 500 500 # Limits traffic on the eth0 interface to 500 kbps downlink and 500 kbps uplink
wondershaper clear eth0 # Clears throttling on eth0

For Windows there are commercial tools available such as NetFilter.

Phonebook Poisoning Attack

I found that using simple social engineering it is trivially possible to make someone alter an entry in their mobile phonebook. This can be used by an attacker to redirect a victim's SMS messages and voice communication intended for a specific person to the attacker's own phone. The attack works by sending the victim an SMS from a new number, claiming to be another specific person B who is already in the victim's phonebook. The SMS claims that it is the new phone number of Person B and that this message is being sent to all friends so they can update their phonebooks. People are too occupied to verify such updates.

Imagine that you get an SMS from a new number and it says "Hello friends. This is my new number. Please update your phonebook and use this number from now onwards - Person B". In most cases, you wouldn't bother to verify that it is indeed Person B sending this message, and you'll quietly update your phonebook. From then on, any message coming from the attacker's number will appear under Person B's name. Having some prior knowledge about you and Person B, the attacker can ask directed questions and get confidential information. For instance, if you share a password with Person B and the attacker asks for it, you'll probably text it away.

A more interesting variation of this attack leads to a true man-in-the-middle: the attacker manages to update the phonebooks of two persons who are acquainted with each other. Both of their phonebook entries now point to one number. The attacker forwards their SMS messages to each other after storing them on his own phone. In some cases voice calls can also be covered with clever call forwarding.

This attack works best in countries where telecom proliferation is high. In such countries it is easy to buy a throw-away off-the-shelf SIM, so having a new number on a spare phone is extremely convenient. Also, in such regions most communication is done over SMS instead of calls, which is favourable for this case because over voice the person is easily recognized.

I tried it on a few friends and it worked really well. I took the role of person B as well as the attacker and sent them the mobile number update request from a new number. Later I asked them some confidential questions related to them and me. It turned out that all of them had updated their phonebooks as well as responded to my queries without actually verifying it was me!

On a sidenote, a friend of mine wanted me to update his number in my mobile's phonebook and I tried to verify his identity. Here's how the conversation went:

+92321xxxxxx: Hi, this is my number. Please update it - Ali A.
Me: Anyone can claim that he is Ali A. Please authenticate yourself!
+92321xxxxxx: Ask a question which only Ali A. can answer.
Me: What is his GMail password?
* no response *

Later I called up the claimed number to make sure that it was indeed Ali :-)
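The verification done by hand in the sidenote above can be enforced mechanically. The following is an added example, not code from the original post: it flags a number-change SMS from an unknown sender that names an existing contact, and only changes the entry after confirmation over the number already on file. The function names, phrase list and phone numbers are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed, non-exhaustive phrases that signal a "this is my new number" request.
CHANGE_RE = re.compile(
    r"\b(new (phone |mobile )?number|update (it|your phonebook|my number)"
    r"|this is my number)\b", re.IGNORECASE)

def normalize(number: str) -> str:
    """Drop spaces and punctuation so one number always compares equal."""
    return re.sub(r"[^\d+]", "", number)

@dataclass
class Verdict:
    action: str                            # "deliver" or "verify"
    claimed_contact: Optional[str] = None  # contact the message claims to be
    verify_via: Optional[str] = None       # number already on file for them

def screen_sms(phonebook: dict, sender: str, text: str) -> Verdict:
    """Flag number-change requests from unknown senders naming a known contact."""
    known = {normalize(n) for n in phonebook.values()}
    if normalize(sender) in known or not CHANGE_RE.search(text):
        return Verdict("deliver")
    # Longest names first so a full name wins over a shorter one it contains.
    for name in sorted(phonebook, key=len, reverse=True):
        if re.search(rf"(?<!\w){re.escape(name)}(?!\w)", text, re.IGNORECASE):
            return Verdict("verify", name, normalize(phonebook[name]))
    return Verdict("deliver")

def apply_update(phonebook: dict, name: str, new_number: str,
                 confirmed_on_old_number: bool) -> bool:
    """Change an entry only after the contact confirmed on the number on file."""
    if not confirmed_on_old_number:
        return False
    phonebook[name] = normalize(new_number)
    return True

# Constructed sample data: both numbers and the message are illustrative.
PHONEBOOK = {"Person B": "+1 555 0100", "Ali A.": "+1 555 0101"}

if __name__ == "__main__":
    msg = ("Hello friends. This is my new number. Please update your "
           "phonebook and use this number from now onwards - Person B")
    print(screen_sms(PHONEBOOK, "+1 555 0199", msg))
```

A "verify" verdict means the entry stays untouched until the contact confirms on `verify_via`, or by a voice call where the person can be recognized.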