This is actually quite common: I've been on ferries, at airports, even hotels, which give you some amount of time for free, often anonymously. So just a mac address change gives extra internet.
New Android versions make it especially convenient, with a "Wi-Fi non-persistent MAC randomization" option in the developer options, meaning you can just "forget" the wifi network and connect again with a fresh mac address.
In some cases I've seen networks that allow any traffic on port 53 - it doesn't have to be DNS traffic. The most surprising one was a mobile network with a pay as you go payment model: load money first, buy a data package, when the data package runs out, you get a captive portal that says "you've run out of data" - but port 53 wasn't blocked, so a commercial VPN resulted in unlimited internet at unlimited speed, with roaming anywhere in the world (and that was back in the day before SIM card registration was required too, so anonymous, too).
> port 53
I haven't needed it for... probably 15 years, but in the past (before 3G was common, and all you could rely on was WiFi hotspots) I have used iodine[0] as an IP over DNS tunnel.
My uni friends were always impressed, and it really helped me a few times. The throughput was never great though, but enough for some basic browsing.
Edit you have to be prepared ahead of time though, and it's the main reason I bought my three-letter domain back then (shorter domain means higher throughput as payload is a higher percent of the query response).
[0]https://github.com/yarrick/iodine
I still find uses for iodine sometimes! Off the top of my head, a hotel basement with no cell service, and once on a flight. It's rare that it works, but quite entertaining when it does.
I think in one of those two (forget which), they just had udp/53 wide open (which works just like any VPN), but in the other, it had to do proper DNS tunneling. And to my surprise, it was entirely fast enough to be usable, which usually is not the case. I felt bad for probably bogging down their DNS server, but hey. (Kept it to a reasonable limit.)
> but port 53 wasn't blocked, so a commercial VPN resulted in unlimited internet
The VPN would have to accept a connection over 53 though, right? This also seems like a great way to possibly bypass VPN blocking via DPI, which I've been hit with before on airlines when going over 443.
Yeah, but it doesn't cost much to accept connections on all ports (AIM did it in the 90s).
DPI should be able to easily detect and block non-DNS traffic on port 53, as well as IP over DNS. Just a matter of configuration effort; but lots of networks lack configuration effort, so it's worth a try.
5190 continued well into the 2000s.
5190 was the default port, but if it wasn't open, any other port would work. You could have the client do a scan to try ports until one worked.
It'd be fascinating to get an at-scale timeline of ports blocked from common client connection points.
I assume it's drifted over time, but couldn't guess which ways / why. (Other than converging on blocking all non-443)
I think, in 2025 you are better off with this
https://www.starlink.com/us/roam
Often forbidden on cruise ships as it would be on flights for the same reasons (possible interference). In an airplane it's also impossible to make it work though those tiny windows of course. But on a cruise ship balcony it would probably be fine.
It's also increasingly forbidden on cruise ships because their internet is today Starlink powered as well and additional Starlink receivers in the area are direct competition for bandwidth from the same satellites at the same time, and a cruise ship full of wifi-using passengers wants all the bandwidth it can get, in theory competition makes things worse for everyone, even the person with a personal Starlink receiver competing against the bandwidth flood of a cruise ship.
Semi-related, does anyone know what Starlink uses for de-congestion negotiation?
Also prohibited on US navy littoral combat ships
https://www.navytimes.com/news/your-navy/2024/09/03/how-navy...
The rea$on that it i$ forbidden on crui$e $hip$ i$ not due to interference, whatever the company may claim.
Interferes with the business model. ;)
True, when I hear they charge $30 per day, that's ridiculous.
My ISP had a captive portal to show when the connection was disconnected and had 1.1.1.1 whitelisted on all ports for some reason.
Back then the CF did not restrict the IP for quad 1 IP, so I could access any CF enabled site without any charges.