Microsoft RickRolls Wi-Fi Network Leechers
An anonymous reader writes "Microsoft has revealed that it RickRolled users that were killing its TechEd conference Wi-Fi network last year by torrenting large files. Network administrators at the event quickly built a list of all of the top torrent trackers around and got the nod to add them all to the local DNS resolver and point them at a local Web server containing some Rick Roll scripts. According to the admin: 'It killed me that I didn't see anyone getting done by this first hand, but there were hundreds of impressions in the server logs containing the Rick Roll scripts so I did get a fair amount of satisfaction at least. It was the most evil of evil Rick Roll scripts too — worse than any that anyone has used to get me in the past.' Fun and games aside, it looks like the leechers will force quotas and traffic shaping for the first time in the event's history."
Re:Evil (Score:5, Insightful)
Resource allocation (Score:3, Insightful)
When managing a resource such as CPU time, memory use or network traffic, there should be ways to transparently mediate between users. You set some simple rules like "everybody gets a go" or "each host gets a slice of the network" and write some simple software to implement it.
Okay, so that's traffic shaping and I know it's not as simple as I make it out to be, but the approach used here seems crude and a waste of man hours.
Re:What surprises me... (Score:2, Insightful)
Re:Just for fun (Score:4, Insightful)
Re:Can you spell DoS? (Score:3, Insightful)
This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".
If you're on a different interface from the DNS server, how will you even know the MAC? And if you're on a different interface, what makes you think it will even work? Most APs have DNS proxies anyway, and no device worth using will send you packets destined for itself.
Re:Can you spell DoS? (Score:2, Insightful)
These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.
And there you have it. The culprits fingered and booted off the network. Of course, they then just changed their MAC addresses, in which case they were then re-identified as soon as their utilisation crept up, and the new MAC was banned.
This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".
Yeah, I'm sure they don't have a whitelist of MAC addresses from their own infrastructure that gets dropped very early in the scripts. Or an ACL on the switch that blocks them on every port they shouldn't be on.
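The allowlist-before-blocklist check discussed in the comments above, as an added example that is not part of the thread and not Microsoft's scripts. The flow record format, port names, MAC addresses, inventory and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (source MAC, switch port, bytes seen in one sampling window)
SAMPLE_FLOWS = [
    ("aa:bb:cc:00:00:01", "ap-12", 9_000_000_000),
    ("AA-BB-CC-00-00-02", "ap-03", 40_000_000),
    ("00:11:22:33:44:55", "core-1", 12_000_000_000),  # DNS server on its own uplink
    ("00:11:22:33:44:55", "ap-07", 8_000_000_000),    # same MAC seen on a client AP
    ("aa:bb:cc:00:00:01", "ap-12", 2_000_000_000),
]

# Assumed inventory: infrastructure MAC -> the only port it may legitimately use
INFRA = {"00:11:22:33:44:55": "core-1"}

# Assumed policy value: bytes per window before a client MAC is listed
THRESHOLD = 5_000_000_000


def normalise(mac):
    """Lower-case and colon-separate so the allowlist cannot be bypassed by formatting."""
    return mac.lower().replace("-", ":")


def classify(flows, infra, threshold):
    """Return (MACs to block, (infra MAC, port) pairs that look spoofed)."""
    usage = defaultdict(int)
    spoof_alerts = set()
    for mac, port, nbytes in flows:
        mac = normalise(mac)
        if mac in infra:
            # Allowlist is applied first: infrastructure MACs never reach the
            # usage counters, so a spoofer cannot get the real server banned.
            if port != infra[mac]:
                # Wrong port means spoofing: act on the port, not the MAC.
                spoof_alerts.add((mac, port))
            continue
        usage[mac] += nbytes
    block = sorted(m for m, total in usage.items() if total > threshold)
    return block, sorted(spoof_alerts)


if __name__ == "__main__":
    block, alerts = classify(SAMPLE_FLOWS, INFRA, THRESHOLD)
    print("block list:", block)
    print("per-port ACL candidates:", alerts)
```
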
Re:Redirecting trackers (Score:2, Insightful)
Sure it is. Most of these people are going to be surfing the Web at the same time. Especially once they see all their Torrents go to zero, they'll want to log in and see if their tracker is down. Start up their web browser, go to their torrent site, and get rickrolled.
The important part is that the torrents are dropped. If the (ab)user also gets rickrolled, it's considered a bonus.