
Intranet Wifi routing


Mario


This is a bit of a low level question, but I'm wondering if anyone has any idea if the intranet configured on Royal Caribbean ships allows communication from one device directly to another.  I'm not interested in using the internet service, I want to solely rely upon communication in the closed cruise ship network.

As in if I was running a web service on a TCP port on one device if their router setup will block or route communication to that port from another device.

Furthermore, are there multiple subnets on the ship?  And if so, can communications route across subnets?

 

Anyone have experience with this or know?

Link to comment
Share on other sites

27 minutes ago, Mario said:

This is a bit of a low level question, but I'm wondering if anyone has any idea if the intranet configured on Royal Caribbean ships allows communication from one device directly to another.  I'm not interested in using the internet service, I want to solely rely upon communication in the closed cruise ship network.

As in if I was running a web service on a TCP port on one device if their router setup will block or route communication to that port from another device.

Furthermore, are there multiple subnets on the ship?  And if so, can communications route across subnets?

 

Anyone have experience with this or know?

Geez, I would hope that their ports are not open and forwarding only to their operations. Your questions give one pause.

Link to comment
Share on other sites

29 minutes ago, Mario said:

This is a bit of a low level question, but I'm wondering if anyone has any idea if the intranet configured on Royal Caribbean ships allows communication from one device directly to another.  I'm not interested in using the internet service, I want to solely rely upon communication in the closed cruise ship network.

As in if I was running a web service on a TCP port on one device if their router setup will block or route communication to that port from another device.

Furthermore, are there multiple subnets on the ship?  And if so, can communications route across subnets?

 

Anyone have experience with this or know?

In simple terms, via Royal app,  there is no additional cost to use the texting feature in the app.  If you attempt to circumvent/change/alter/attempt to access any configs, subnets, clone MAC addresses, IP STATS, TCP, servers, etc to Royal's system, I.T. Security will be knocking on your cabin door and it's not to wish you a Merry Christmas.

Link to comment
Share on other sites

Just now, princevaliantus said:

In simple terms, via Royal app,  there is no additional cost to use the texting feature in the app.  If you attempt to circumvent/change/alter/attempt to access any configs, subnets, clone MAC addresses, IP STATS, TCP, servers, etc to Royal's system, I.T. Security will be knocking on your cabin door and it's not to wish you a Merry Christmas.

Thank goodness!

Link to comment
Share on other sites

12 minutes ago, princevaliantus said:

In simple terms, via Royal app,  there is no additional cost to use the texting feature in the app.  If you attempt to circumvent/change/alter/attempt to access any configs, subnets, clone MAC addresses, IP STATS, TCP, servers, etc to Royal's system, I.T. Security will be knocking on your cabin door and it's not to wish you a Merry Christmas.

I probably should have explained why I was asking my questions.

 

I'm not trying to game their system/hack anything/clone mac addresses or anything like that.  I wanted to put an IP camera in the room to monitor/listen for the young kid during nap time in case the older kiddo wants to use the pool so we're not trapped in the room trying to keep the older kiddo quiet during young kid nap.

So I'm wanting to run something like https://play.google.com/store/apps/details?id=com.pas.webcam&hl=en on a phone sitting in the room (connected to the wifi) and something like https://play.google.com/store/apps/details?id=com.alexvas.dvr&hl=en_US on the phone in my hand to watch and listen for when he wakes up.

Link to comment
Share on other sites

Just now, Mario said:

I probably should have explained why I was asking my questions.

 

I'm not trying to game their system/hack anything/clone mac addresses or anything like that.  I wanted to put an IP camera in the room to monitor/listen for the young kid during nap time in case the older kiddo wants to use the pool so we're not trapped in the room trying to keep the older kiddo quiet during young kid nap.

So I'm wanting to run something like https://play.google.com/store/apps/details?id=com.pas.webcam&hl=en on a phone sitting in the room (connected to the wifi) and something like https://play.google.com/store/apps/details?id=com.alexvas.dvr&hl=en_US on the phone in my hand to watch and listen for when he wakes up.

You would need to pay for wifi for each individual device as sharing a connection via WiFi router wouldn't be sufficient as the distance would be over 30 ft. As for keeping an eye on the kids in your room, I wouldn't chance it as if Royal gets a heads up that you left under-aged kids in a cabin not supervised, Royal will be paying you a visit and most likely, considering what happened recently with the child on Freedom of the Seas, will give you a warning. Next time, it will be buh-bye off the ship.

Link to comment
Share on other sites

2 minutes ago, princevaliantus said:

You would need to pay for wifi for each individual device as sharing a connection via WiFi router wouldn't be sufficient as the distance would be over 30 ft. As for keeping an eye on the kids in your room, I wouldn't chance it as if Royal gets a heads up that you left under-aged kids in a cabin not supervised, Royal will be paying you a visit and most likely, considering what happened recently with the child on Freedom of the Seas, will give you a warning. Next time, it will be buh-bye off the ship.

I agree bringing my own router for both devices to connect to, to accomplish this, is not at all a scalable solution.

 

The specific technical feature I was wondering about in my question was if they enabled IP isolation on their ship's network (https://www.tp-link.com/us/support/faq/2089/).  If so, then my idea certainly won't work.

 

And yeah, this would only be for naps with the kid that is in the crib and would be monitoring the phone like a hawk.

Link to comment
Share on other sites

4 minutes ago, Mario said:

I agree bringing my own router for both devices to connect to, to accomplish this, is not at all a scalable solution.

 

The specific technical feature I was wondering about in my question was if they enabled IP isolation on their ship's network (https://www.tp-link.com/us/support/faq/2089/).  If so, then my idea certainly won't work.

 

And yeah, this would only be for naps with the kid that is in the crib and would be monitoring the phone like a hawk.

AP Isolation is not allowed since certain criteria need to be met in order to protect the device against attacks from other devices in the same network. Inasmuch, AP Isolation has to be enabled at the WiFi router level AND at every WiFi router and most likely, it's not.

Link to comment
Share on other sites

15 minutes ago, Mario said:

to monitor/listen for the young kid during nap time in case the older kiddo wants to use the pool so we're not trapped in the room trying to keep the older kiddo quiet during young kid nap.

so basically you want to leave younger kid unattended, alone in the room, checking your phone from time to time. I've deleted so many comments that I wrote after that.... 

Link to comment
Share on other sites

Just now, princevaliantus said:

AP Isolation is not allowed since certain criteria need to be met in order to protect the device against attacks from other devices in the same network. Inasmuch, AP Isolation has to be enabled at the WiFi router level AND at every WiFi router and most likely, it's not.

 

But conversely even if AP isolation is enabled at each WiFI AP, it's entirely possible they have a set of firewall rules at the router sitting in the datacentre that would prevent sending traffic from one device to another.  I'm sure they separate operational networks from the "customer" network but beyond that I don't know how advanced their network topology actually is on these ships. 

Link to comment
Share on other sites

1 minute ago, Cez said:

so basically you want to leave younger kid unattended, alone in the room, checking your phone from time to time. I've deleted so many comments that I wrote after that.... 

I never said checking phone from time to time.  I said monitoring with phone like a hawk.

Link to comment
Share on other sites

21 minutes ago, Mario said:

 

But conversely even if AP isolation is enabled at each WiFI AP, it's entirely possible they have a set of firewall rules at the router sitting in the datacentre that would prevent sending traffic from one device to another.  I'm sure they separate operational networks from the "customer" network but beyond that I don't know how advanced their network topology actually is on these ships. 

Royal does monitor "their guest network" and if they see something "fishy", you'll be the first to know. By your log in credentials, they know who you are. If you want more specifics, I would suggest calling Royal to see if they can give you a more definitive answer BUT I don't think they will.  It would be like leaving the cookie jar on the table and two 5 year olds eyeing the jar. Tempting, isn't it???

Link to comment
Share on other sites

I'm not all caught up in the morality of the application there but I'm excited about the technical discussion.

First I'm sure the ship has many, many subnets and vlans and all that sort of fun stuff. Depending on how new/old/recently renovated the ship the more advanced the systems.

IMO I doubt security would even care if you were just trying this on the network, maybe if you were trying to access internal systems, payment processing, employee networks etc. But let's be honest, IT security is nearly always an afterthought and never funded very well until a business gets caught in an actual breach of some kind. People pretty regularly post instructions on MAC cloning and using routers to share one wifi package with more devices.

I would say it's unlikely that any off-the-shelf solution would work. I would expect device isolation to be enabled and that this wouldn't route internally. I would anticipate that if you bought the wifi access for two devices and used a cloud based service it would work though. If you were able to truly randomize the ports, maybe, or if you could force it over port 80 or 8080 or something common like that. The concerns would be if the DHCP lease expires on the remote phone you could drop the connection when it renews..?

Personally I'd just like to see someone try, would be fun to see if it works.

I think if I ever have the time for a TA or longer cruise with lots of sea days I would be trying random (read: not malicious) network stuff like this.

Link to comment
Share on other sites
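The question running through this thread (whether the guest network delivers, rejects or silently drops a TCP connection between two client devices) can be answered with a short probe run from one of your own devices against the other. This is an added example, not something posted by any participant; the address `192.0.2.10` and port `8080` are placeholders for your own second device and its listening port.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connection attempt from this device to host:port.

    open        - handshake completed; client-to-client traffic is delivered
    refused     - a reset came back; usually the peer itself, nothing listening
    filtered    - no answer before the timeout; consistent with client isolation
                  or a firewall drop (or the peer being off the network)
    unreachable - the stack or a router reported no route to the peer
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def isolation_verdict(host, ports, timeout=3.0):
    """Probe several ports and summarise what the network does between clients."""
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    # A reply, even a refusal, normally means packets cross between clients
    # (a rejecting firewall can also send the reset on the peer's behalf).
    if any(state in ("open", "refused") for state in results.values()):
        return "reachable", results
    return "no-response", results


if __name__ == "__main__":
    # Placeholder values: the address your own second device shows in its Wi-Fi
    # settings and the port its server listens on. 192.0.2.10 is a documentation
    # address, not a real host.
    verdict, detail = isolation_verdict("192.0.2.10", [8080])
    print(verdict, detail)
```

If a previously "reachable" peer turns into "no-response", re-read its address from the device before concluding anything, since a DHCP renewal that hands out a different address looks the same as filtering from the probing side.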

9 minutes ago, micahd said:

I would say it's unlikely that any off-the-shelf solution would work. I would expect device isolation to be enabled and that this wouldn't route internally. I would anticipate that if you bought the wifi access for two devices and used a cloud based service it would work though. If you were able to truly randomize the ports, maybe, or if you could force it over port 80 or 8080 or something common like that. The concerns would be if the DHCP lease expires on the remote phone you could drop the connection when it renews..?

I wouldn't feel confident enough in the quality of their WAN connection to rely upon a cloud based service.  Common ports is a good idea, I'll have full control over what ports to run this stuff, so maybe it skirts their firewall rules.

I don't think it's common for DHCP leases to expire and upon renewal give you back something different, right?  I guess if I actually get a stable feed and it cuts out that's something to watch for.  A dropped connection would be a reason to run back.

Quote

Personally I'd just like to see someone try, would be fun to see if it works.

I think if I ever have the time for a TA or longer cruise with lots of sea days I would be trying random (read: not malicious) network stuff like this.

Using an old phone at least there's no large investment in equipment needed to try this.  3D print a stand for the phone, bring an extra phone charger and I'm set.

If I end up doing this, I'll update the post after the cruise.

Link to comment
Share on other sites

2 hours ago, Mario said:

I never said checking phone from time to time.  I said monitoring with phone like a hawk.

Letting a child wake up alone in a strange environment, crying until you show up all the way from the pool deck. How do you or your spouse think that it is good parenting?  Sounds like it might get you "Parent of the year" award. Category: remote parents

Should something happen, will you blame Royal Wi-Fi?  Just in case keep it handy:

https://www.lipcon.com/maritime-attorneys/michael-winkleman/

 

Link to comment
Share on other sites

@Mario you may be surprised at the quality of the WAN connection, newer ships have a very stable, low(er) latency connection, see here. The way I understand it there is literally a satellite in geosync orbit over the Caribbean dedicated to Royal's ships. I personally know of a current charter cruise where Oasis and Symphony are using two-way video links to connect conference sessions. Granted that's high-end gear with full cooperation of Royal's IT teams but, you get the point. This does depend on the specific ship, not all are yet equipped with this tech.

Good point on the DHCP lease.

Either way I definitely want to hear if you give it a try and what you discover.

Link to comment
Share on other sites
