Hey c'mon guys, y'all can do better than that!
(Competing for longest coherent first post)
In the following I will assume this is not a proven hoax.
It's got to be a port knock sequence, either encrypted (indicated by the structure ...23-1 23-1 22-2 ?) or unencrypted just telling which ports to try.
Led on by a comment in another thread I don't remember (google) I looked up port knocking. What do you think? The host is called "ninebows", nine bows? Does this mean that the knocking sequence consists of 9 "knocks"? If so, the task is to find what ports (or what encrypted knock sequence) the numbers represent and try it out.
It is really not that far out or illogical, it's just a pretty steep progression from step 3. The author is clearly teasing when he states that school kids would be able to figure it out, though some undoubtedly would. Port knocking may be hack safe, but that's why he provided the bloody knock sequence on the page!
I think you need an ssh client to try it out and since I'm too lazy I won't try it out, but I know some of you will :)
I think maybe ninebows is a webserver with only port 80 open. It is managed over the net by performing the knock sequence, that is trying to connect to a specified sequence of ports (that the port knocking daemon recognizes) in turn and failing of course, since the ports are all set to deny. When you perform the knock correctly, abracadabra! you are given access to a certain port (23, 8081 or some other) for a certain amount of time. This scheme has been implemented in many more or less obscure ways.
Concerning the "encoding" problem, since this is a contest (The author in his blog), the encoding should be logical, say like an IQ test. I lean towards two theories, having only superficial knowledge of TCP/IP, firewalls and port knocking:
1) The numbers are port numbers in correct sequence of 9 ports, in base 8, 10 or 16. Any other base would be ridiculous 'cause no computer uses that(!?) The + and - probably indicate shifting to left or right, in order to not make it obvious or guessable.
2) The numbers are a port knocking sequence in some specific system, probably common, in either base 8, 10 or 16. The + and - could be part of knocking sequence syntax (package format like {header, data, checksum, end}). The port opened could also be encrypted in the sequence.
I tried to access the ports in the browser (e.g.: ninebows.com:240), for some ports it reported that the port was disabled for security reasons (!), for others it specifically refused connection(!!).
If this isn't enough reason why this could be a genuine riddle, then I don't know the slightest reason.
Some other points:
* A google search yields almost nothing, mostly people getting stuck at step 3 over a period of several months.
* Nothing indicates that this is a hoax. It is way too elaborate to not go further than this. In his guest book, the author is asked if anybody made it past 3 yet. Seems not many are really trying.
* If we assume that it's not a hoax we must conclude either that hack.net is not well known or step 3 is pretty efficient against most people. But the real hackers don't share their secrets! Are there any real hackers?
* This will probably turn out to be another script kiddie like myself, setting up his first Linux firewall and thought he'd show it off in a clever geeky way. And these hacker games are quite cool and attractive, so why not plagiarize to get some attention. <--- my best guess
* That rally car had the number 539 or something - is this significant at all?
I agree it's sad that many people have wasted their time on this not getting ANY further, but it is rather cool when you think about it. Now go and study and come back when you have the time. This cannot die until the most basic effort has been made to solve it logically.
Please don't give up, I wanna know the solution :)
(btw, I'm new here, been using the forums for info and fun the last 2-3 years. I'll try and develop some manners should I find it worthwhile to post here :))
Let the race begin!
David
edit: fixed link.
[Edited by - Don Carnage on December 9, 2004 7:45:57 AM]
It is I, the spectaculous Don Karnage! My bloodthirsty horde is on an intercept course with you. We will be shooting you and looting you in precisely... Ten minutes. Felicitations!
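
The server side of the port-knocking scheme described in the post above, as an added example that is not part of the original post and not any real knock daemon's code. The knock sequence, timings, log format and addresses are all assumptions constructed for illustration; the tracker reads dropped-connection log lines and reports which source would be granted temporary access.

```python
import re

# Assumed values for illustration only.
KNOCK_SEQUENCE = [7000, 8000, 9000]  # closed ports that must be hit in this order
STEP_TIMEOUT = 10                    # max seconds allowed between two knocks
OPEN_SECONDS = 30                    # how long the protected port stays open

# Constructed firewall log format: "<epoch> DROP SRC=<ip> DPT=<port>"
LOG_RE = re.compile(r"^(\d+) DROP SRC=(\S+) DPT=(\d+)$")

# Constructed sample log: three clients, only the first knocks correctly.
SAMPLE_LOG = [
    "100 DROP SRC=192.0.2.10 DPT=7000",
    "101 DROP SRC=198.51.100.7 DPT=7000",
    "102 DROP SRC=192.0.2.10 DPT=8000",
    "103 DROP SRC=198.51.100.7 DPT=9000",  # wrong order, progress is reset
    "104 DROP SRC=192.0.2.10 DPT=9000",    # sequence complete
    "105 DROP SRC=198.51.100.7 DPT=8000",
    "200 DROP SRC=203.0.113.5 DPT=7000",
    "205 DROP SRC=203.0.113.5 DPT=8000",
    "230 DROP SRC=203.0.113.5 DPT=9000",   # right port, but too slow
]

def process(lines):
    """Return (src, opened_at, closes_at) for every completed knock sequence."""
    progress = {}  # src ip -> (index of next expected knock, time of last knock)
    grants = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a dropped-connection record
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        idx, last = progress.get(src, (0, ts))
        if idx and ts - last > STEP_TIMEOUT:
            idx = 0  # a partial sequence expires if the client is too slow
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress; it may itself be a new first knock.
            idx = 1 if port == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            # A real daemon would add a time-limited firewall rule for src here.
            grants.append((src, ts, ts + OPEN_SECONDS))
            idx = 0
        progress[src] = (idx, ts)
    return grants

if __name__ == "__main__":
    for src, opened, closes in process(SAMPLE_LOG):
        print(f"open protected port for {src} from t={opened} until t={closes}")
```

Because every wrong port resets a client's progress, a sequential sweep that touches all three knock ports along with the ports between them never completes the sequence.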