Recently I found myself on a large cruise ship for a week with “free” internet service. You get what you pay for: it was as slow as dial-up and a lot of outbound ports were restricted. Note: this is not a guide to breaking the system, but rather some tips on how to discover what's available and make better use of it.
I did a bit of preparation before I left. I made sure I had a server on the internet with a static IP address. In my case it was a Linux machine running on Linode. I set up the following services to aid with my access. I won’t go into details on specific configuration; I’ll just assume you RTFM’d a bunch.
The free wifi will only authorize one device (by MAC address). I registered my mobile phone since it would be the most used. If I needed my laptop or another device, I could tether it over USB (preferred!) or Bluetooth.
This is a quick and dirty way to see what's available outbound. Note that it's not comprehensive, but it is a good starting point. I used Termux and nmap to probe for open ports. This command doesn’t require root access. In my case SSH was open and worked great!
nmap -Pn scanme.nmap.org
Starting Nmap 7.94 ( https://nmap.org ) at 2023-06-27 10:05 AKDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.087s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 990 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
2000/tcp open cisco-sccp
5060/tcp open sip
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 16.31 seconds
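An added example, not part of the original post: a small shell/awk filter that groups a report like the one above by port state, since in a connect scan the filtered rows are the ones that got no reply at all. The function names `summarize_scan` and `sample_report` are invented for this sketch, and the sample is the port table from the output above.

```shell
#!/bin/sh
# Added example: group an nmap connect-scan report by port state.
# summarize_scan and sample_report are names invented for this sketch.

# Reads nmap normal output on stdin, prints one line per state.
summarize_scan() {
    awk '
        # e.g. "Not shown: 990 closed tcp ports (conn-refused)"; a count is
        # followed by its state, and several pairs may share the line.
        /^Not shown:/ {
            for (i = 3; i < NF; i++)
                if ($i ~ /^[0-9]+$/) hidden[$(i + 1)] += $i
        }
        # Port table rows, e.g. "22/tcp open ssh"
        $1 ~ /^[0-9]+\/tcp$/ {
            split($1, p, "/")
            ports[$2] = ports[$2] " " p[1]
        }
        END {
            # open: handshake completed, so outbound traffic to the port passed
            printf "open:%s\n", ports["open"]
            # filtered: no reply at all, the usual sign of a firewall drop
            printf "filtered:%s\n", ports["filtered"]
            # closed: a reset came back, so the probe was not silently dropped
            printf "closed-not-shown: %d\n", hidden["closed"]
        }'
}

# Port table copied from the scan output in the post.
sample_report() {
    cat <<'EOF'
Not shown: 990 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
2000/tcp open cisco-sccp
5060/tcp open sip
9929/tcp open nping-echo
31337/tcp open Elite
EOF
}

sample_report | summarize_scan
```

To use it on a live scan, pipe the nmap output into `summarize_scan` instead of the sample.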
Signal is the primary way I message. Unfortunately, the ship’s firewall blocked access. I found a way around with this setting:
Settings/Privacy/Advanced/Censorship Circumvention (Enable)
All access to port 665 for Tinc was blocked. Since I had SSH open, I could SSH to my server and tunnel a TCP port. This required a slight modification on the tinc host side you are connecting to:
Map a local port to the remote tinc VPN endpoint:
ssh root@myserver.test -L 665:127.0.0.1:50665
In the matching tinc host file, add the following:
address=127.0.0.1
port=50665
tcponly=yes
Web browsing was for the most part open, but it seemed to block various host names (ahem, youtube.com). Again, since SSH was available, I could tunnel a proxy, setting my browser’s proxy to 127.0.0.1:8888:
ssh root@myserver.test -L8888:127.0.0.1:8888
Created: 2023-06-30 | Modified: 2024-04-11 |