Recently I found myself on a large cruise ship for a week with “free” internet service. You get what you pay for: slow as dial-up and a lot of restricted outbound ports. Note: This is not a guide to find out how to break the system, but rather some tips on how to better use and discover what's available and can be leveraged.
I did a bit of preparation before I left. I made sure I had a server on the internet with a static IP address. In my case it was a Linux machine running on Linode. I set up the following services to aid with my access. I won’t go into details on specific configuration information; I’ll just assume you RTFM’d a bunch.
The free wifi will only authorize one device (by MAC address). I registered my mobile phone since it would be the most used. If I needed my laptop or another device, I could tether it over USB (preferred!) or Bluetooth.
This is a quick and dirty way to see what's available outbound. Note it's not comprehensive but a good starting point. I used Termux and nmap to probe for open ports. This command doesn’t require root access. In my case SSH was open and worked great!
nmap -Pn scanme.nmap.org
Starting Nmap 7.94 ( https://nmap.org ) at 2023-06-27 10:05 AKDT
Nmap scan report for scanme.nmap.org (126.96.36.199)
Host is up (0.087s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 990 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
2000/tcp open cisco-sccp
5060/tcp open sip
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 16.31 seconds
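Reading the scan above as an outbound-firewall check, as an added example that is not part of the original post: the sh/awk helpers below (their names are made up here) split nmap's normal output into ports that answered, ports that got no reply, and ports the target refused. The sample is the port table copied from the output above, and the state meanings in the comments are the usual reading of a connect scan, not something the ship's network confirmed.

```shell
#!/bin/sh
# Sample input: the port table from the scan output above.
SAMPLE_SCAN='Not shown: 990 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
2000/tcp open cisco-sccp
5060/tcp open sip
9929/tcp open nping-echo
31337/tcp open Elite'

# ports_in_state STATE: read nmap normal output on stdin and print the
# TCP ports reported in STATE as one comma-separated line.
ports_in_state() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+\/tcp$/ && $2 == want {
            split($1, p, "/")
            out = out (out == "" ? "" : ",") p[1]
        }
        END { print out }'
}

# closed_count: print how many ports nmap folded into "Not shown: N closed".
closed_count() {
    awk '/^Not shown:/ {
            for (i = 3; i < NF; i++) if ($(i + 1) == "closed") n += $i
         }
         END { print n + 0 }'
}

# egress_summary: one line per state, read from the egress point of view.
#   open     - handshake completed, so the path and the service both work
#   filtered - no reply at all, typically dropped by a firewall in the path
#   closed   - connection refused: a reset came back, which usually means the
#              packet reached the target (a middlebox can also forge resets)
egress_summary() {
    scan=$(cat)
    printf 'answered:    %s\n' "$(printf '%s\n' "$scan" | ports_in_state open)"
    printf 'no reply:    %s\n' "$(printf '%s\n' "$scan" | ports_in_state filtered)"
    printf 'refused:     %s ports\n' "$(printf '%s\n' "$scan" | closed_count)"
}

printf '%s\n' "$SAMPLE_SCAN" | egress_summary
```

To use it on a live scan, pipe the nmap output into `egress_summary` instead of the sample.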
Signal is the primary way I message. Unfortunately, the ship’s firewall blocked access. I found a way around with this setting:
Settings/Privacy/Advanced/Censorship Circumvention (Enable)
All access to port 665 for Tinc was blocked. Since I had SSH open, I could ssh to my server and tunnel a TCP port. This required a slight modification on the tinc host side you are connecting to:
Map local port to remote tinc vpn endpoint
ssh firstname.lastname@example.org -L 665:127.0.0.1:50665
In the matching tinc host file add the following
Web browsing was for the most part open but seemed to block various host names (ahem, youtube.com). Again, since SSH was available, I could tunnel a proxy, setting my browser’s proxy to 127.0.0.1:8888
ssh email@example.com -L8888:127.0.0.1:8888