
Finding holes in a ship’s internet

Background

Recently I found myself on a large cruise ship for a week with “free” internet service. You get what you pay for: slow as dial-up and a lot of restricted outbound ports. Note: This is not a guide to find out how to break the system, but rather some tips on how to better use and discover what’s available and can be leveraged.

I did a bit of preparation before I left. I made sure I had a server on the internet with a static IP address. In my case it was a Linux machine running on Linode. I set up the following services to aid with my access. I won’t go into details on specific configuration information; I’ll just assume you RTFM’d a bunch.

The free wifi will only authorize one device (by MAC address). I registered my mobile phone since it would be the most used. If I needed my laptop or other device, I could tether it over USB (preferred!) or Bluetooth.

Probe the firewall

This is a quick and dirty way to see what’s available outbound. Note: it’s not comprehensive, but it’s a good starting point. I used Termux and nmap to probe for open ports. This command doesn’t require root access. In my case SSH was open and worked great!

nmap -Pn scanme.nmap.org

    Starting Nmap 7.94 ( https://nmap.org ) at 2023-06-27 10:05 AKDT
    Nmap scan report for scanme.nmap.org (45.33.32.156)
    Host is up (0.087s latency).
    Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
    Not shown: 990 closed tcp ports (conn-refused)
    PORT      STATE    SERVICE
    22/tcp    open     ssh
    25/tcp    filtered smtp
    80/tcp    filtered http
    135/tcp   filtered msrpc
    139/tcp   filtered netbios-ssn
    445/tcp   filtered microsoft-ds
    2000/tcp  open     cisco-sccp
    5060/tcp  open     sip
    9929/tcp  open     nping-echo
    31337/tcp open     Elite

    Nmap done: 1 IP address (1 host up) scanned in 16.31 seconds
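
Reading that report as an egress check, as an added example that is not part of the original post: the parser below groups the ports by whether any answer came back through the firewall. The function names are hypothetical, the sample is constructed from the output above, and it assumes the connection refusals came from the target rather than from a middlebox.

```python
import re
from collections import defaultdict

# Constructed sample: the scan output shown above, trimmed to the lines the parser reads.
SAMPLE = """\
Not shown: 990 closed tcp ports (conn-refused)
PORT      STATE    SERVICE
22/tcp    open     ssh
25/tcp    filtered smtp
80/tcp    filtered http
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
2000/tcp  open     cisco-sccp
5060/tcp  open     sip
9929/tcp  open     nping-echo
31337/tcp open     Elite
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) \w+ ports \(([\w-]+)\)")

def parse_report(text):
    """Return ({state: [(port, service), ...]}, {state: (count, reason)})."""
    listed, hidden = defaultdict(list), {}
    for line in text.splitlines():
        line = line.strip()
        if m := PORT_LINE.match(line):
            listed[m.group(3)].append((int(m.group(1)), m.group(4)))
        elif m := NOT_SHOWN.match(line):
            hidden[m.group(2)] = (int(m.group(1)), m.group(3))
    return dict(listed), hidden

def egress_view(text):
    """Classify ports by whether any reply made it back.

    open     -> handshake completed, so the path allows that port.
    closed   -> a refusal (RST) came back; assumed to be from the target,
                although a firewall can also forge resets.
    filtered -> no reply at all, the usual sign of a silent drop.
    """
    listed, hidden = parse_report(text)
    answered = listed.get("open", []) + listed.get("closed", [])
    return {
        "answered": sorted(p for p, _ in answered),
        "dropped": sorted(p for p, _ in listed.get("filtered", [])),
        "unlisted_refused": hidden.get("closed", (0, ""))[0],
    }

if __name__ == "__main__":
    print(egress_view(SAMPLE))
```

The 990 unlisted ports matter for anyone writing the egress policy: a refused connection is still a reply, so those ports were not silently dropped the way the five filtered ones were.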

Signal

Signal is the primary way I message. Unfortunately, the ship’s firewall blocked access. I found a way around with this setting:

Settings/Privacy/Advanced/Censorship Circumvention (Enable)

Tinc VPN

All access to port 665 for Tinc was blocked. Since I had SSH open, I could SSH to my server and tunnel a TCP port. This required a slight modification on the tinc host side you are connecting to:

Map local port to remote tinc vpn endpoint

ssh root@myserver.test -L 665:127.0.0.1:50665

In the matching tinc host file add the following

address=127.0.0.1
port=50665
tcponly=yes

HTTP Proxy

Web browsing was for the most part open but seemed to block various host names (ahem, youtube.com). Again, since SSH was available, I could tunnel a proxy, setting my browser’s proxy to 127.0.0.1:8888

ssh root@myserver.test -L8888:127.0.0.1:8888
Last Updated: 2020-07-02