It's obvious that the +ORC Riddle is - as the mathematicians say - non-trivial. It's not that what we must do is inherently difficult. At least, I don't think it is. But the problem is that it's hard to be sure you've found the solution, merely by applying a "correction" to the Riddle URL. One "solution" looks much like another. How do you know what the true "correction" is? Zen thinking might give you a feel for it. But I tend to side with the Apostle Thomas: I'll believe it when I see the Web page. The proof of this particular pudding is to find a Web page that has something quite unambiguously from +ORC -- in this case, another riddle, he tells us.
Ideally, the Riddle will give us the name of the Web page as well. That's all fine, but we may find a partial solution - for example, the numerical part of the URL, without the Web page file name. For instance, how do I know that a page I found early in the piece - the children's clinic site in Germany - isn't the right Web site? Maybe it has an unindexed page sitting on it, the one we're looking for. Perhaps +ORC is a paediatrician? Who can be sure that he isn't? We can assume nothing. And as I said before, we have to be very careful to be alert to our assumptions.
So what do we do? There a series of things.
1 Calculate. 2 Combine possibilities. 3 Sniff for registered domains. 4 Sniff for active servers. 5 Sniff for active ports. 6 Sniff for files. Lots of sniffing.
To be more explicit, the process is to:
This is the brute force approach. If we can use the Riddle to generate all possible IP addresses, then the rest of the process is mechanical (and tedious), until we start looking for the actual files on the server.
Now it's possible to automate the process, using existing utilities.
First, use a pencil and paper to record all the possible octet groups that could make up the IP address. Next run up a quick program (BASIC or anything is acceptable - should only take a minute or two) to generate a text file combining the octet groups into a list of the "possible" IP addresses.
Next, there's a nice little freeware utility by Jim Price called NS-Batch you can find here. It takes a text file of IP addresses and does a domain name lookup (and then in reverse, to double check) for each of them, to tell us which ones have registered domain names. Now it may be that the +ORC site is at an IP address without a registered domain name. If true, we'll miss him using this approach. But in the interests of making the task a little easier, let's try this way first. We can always skip this step later.
With the list of registered domain names, we then need to Ping the IP addresses to see if they're active. I've not yet automated this bit. I had hoped the Windows 95 "DOS" version of Ping would accept redirected input, so I could cobble a batch file together and feed it the candidate IP addresses. But good old Microsoft, won't let you redirect input to the program (at least, I can't get it to feed itself from a text file). I'm pretty sure you can't batch feed WS-Ping either. So this bit's manual at present. Unless somebody can work out how to feed a text file of IP addresses into a Ping program. Let me know if you can.
Next, with a list of "live" IP addresses, we can use the Port Scanner utility to sniff out active ports. This utility is shareware, and available from Blue Globe Software here. Port Scanner will sniff out the active ports.
So, hopefully, we will finish up with a shortish list of IP addresses and ports that we can search manually for evidence of +ORC.
Well. That's the theory. I'm getting back to the business of sniffing. I've been trying out these ideas on a few sites that have aroused my curiosity in .cz and .ch . I'll report back "shortly".
Any comments? Email me