Forgot your password?
typodupeerror
Image

Microsoft RickRolls Wi-Fi Network Leechers 165

Posted by samzenpus
from the never-gonna-tell-a-lie-and-hurt-you dept.
An anonymous reader writes "Microsoft has revealed that it RickRolled users that were killing its TechEd conference Wi-Fi network last year by torrenting large files. Network administrators at the event quickly built a list of all of the top torrent trackers around and got the nod to add them all to the local DNS resolver and point them at a local Web server containing some Rick Roll scripts. According to the admin: 'It killed me that I didn't see anyone getting done by this first hand, but there were hundreds of impressions in the server logs containing the Rick Roll scripts so I did get a fair amount of satisfaction at least. It was the most evil of evil Rick Roll scripts too — worse than any that anyone has used to get me in the past.' Fun and games aside, it looks like the leechers will force quotas and traffic shaping for the first time in the event's history."

*

This discussion has been archived. No new comments can be posted.

Microsoft RickRolls Wi-Fi Network Leechers

Comments Filter:
  • by Mattskimo (1452429) on Thursday February 18, 2010 @05:18AM (#31181752)
    At least it wasn't Soulja Boy.
  • by Anonymous Coward

    that whoever owns the rights to "Never Gonna Give You Up" is receiving royalties.

    • Re: (Score:1, Troll)

      by ArsenneLupin (766289)

      that whoever owns the rights to "Never Gonna Give You Up" is receiving royalties.

      Maybe now is the time to gently introduce Micro$oft to the MAFIAA... That bloodshed should be phun to watch...

      • Re: (Score:3, Funny)

        by sopssa (1498795) *

        But if they embedded it from YouTube, Google would take the heat.

        Sounds like a plan.

    • Stock Aitken Waterman made more than enough cash at the turn of the 90s. In 1990 something like 2% of all records sold in the UK were produced by them. Between 1988 and 1990 there wasn't a single week when a record of theirs was not in the top 75.
      • that this man thinks a song from 1987 should still be earning him money

        yes, LEGALLY, he has a case, but morally and philosophically, he just seems like a giant asshole

        fact: there are no morally or philosophically coherent grounds that a song from 1987 should anyone anything. really

        and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

        • by WCguru42 (1268530) on Thursday February 18, 2010 @10:14AM (#31183836)

          and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

          What if I want to pretend that I believe this in the hopes that the RIAA will send it's dogs after Microsoft's (and maybe Google's) wolves and never come back. I feel fairly confident that Microsoft and Google have lawyers that would tear the RIAA apart in a real battle. There's a reason the RIAA hasn't taken strong tactics against them (specifically Google via YouTube) in the past.

        • by bkr1_2k (237627)

          Yeah, this quote from the GP linked article makes me want to puke. "I feel like one of those workers, because I earned less for a year's work off Google or YouTube than they did off the Bahrain government."

          The fact that he thinks that a couple hours (at most) worth of work over 20 years ago equates to "a year's work" today just makes the guy a giant douchebag. I have no problem with artists being paid for their work. He was paid, quite well from the sounds of it, when he actually did the work! (Apparent

        • and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common goodquote>and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

          I see. So I'm assuming that you plan on releasing YOUR PRODUCTION [bangamovie.com] for everyone's free use, right?? And you wouldn't mind at all if anyone feels like using your movie however they see fit, right?? And you wouldn't feel the least bit sleighted if your movie was used all over the place, millions of times, yet you saw only $11, right??

          Or maybe some Aesop [bartleby.com] might be in order here.

        • by tixxit (1107127)
          I hope this guy is including the increased sales from all the free advertising he got in his numbers. If he is, and it is still only 11 pounds, then that truly shows the value of the song. Free advertising to the tune of 154 000 000 views (!) and almost no extra people buying the album or song. Ouch... Take your licks and move on buddy.
          • by TheLink (130905)
            Does he also know that a significant percentage of those 154 million views were by people who did NOT want to watch his video at all? Or even never ever want to watch his video again ;).

            Anyone have an idea of what that percentage is? I know it's certainly higher than zero :).
        • by dangitman (862676)

          and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

          I'm pretty sure that if you owned the rights to a hit song from 1987, you'd be singing a different tune right now.

    • on what morally or philosophically coherent grounds does it make any sense to you that a song from the 1987 should still be earning anyone any money?

  • Evil (Score:5, Funny)

    by DeBaas (470886) on Thursday February 18, 2010 @05:29AM (#31181838) Homepage

    Rick Rolling, told you Microsoft is evil ;-)

  • Just for fun (Score:1, Interesting)

    by Anonymous Coward

    Suggestions please for equivalent at Apple & Linux events?

  • Call the RIAA!
  • ObRoll (Score:5, Funny)

    by wiredlogic (135348) on Thursday February 18, 2010 @05:51AM (#31181970)

    Just to get things rolling. Here is the tasteful mashup [youtube.com] with Nirvana.

  • Lame (Score:1, Funny)

    by kregg (1619907)

    Rick Rolling is so last year....

    • Re: (Score:2, Funny)

      Rick Rolling is so last year....

      What did you expect? This is Microsoft we're talking about here. They're always behind by a full year or five when it comes to internet memes.

      Maybe they'll redirect people to Epic Bearded Man video during the 2014 TechED.

    • Re:Lame (Score:5, Informative)

      by c6gunner (950153) on Thursday February 18, 2010 @06:47AM (#31182264)

      Rick Rolling is so last year....

      gee ...

      "Microsoft has revealed that it RickRolled users that were killing its TechEd conference WiFi network last year ....

      Look on the bright side - at least you didn't make a total ass of yourself by saying:

      What did you expect? This is Microsoft we're talking about here. They're always behind by a full year or five when it comes to internet memes.

      • by PhxBlue (562201)

        "Microsoft has revealed that it RickRolled users that were killing its TechEd conference WiFi network last year ....

        Whoosh!

  • by nuckfuts (690967) on Thursday February 18, 2010 @05:54AM (#31181992)

    From TFA:

    So we scheduled this script to run each minute to generate a list of offending MAC addresses.

    We reasoned that if you had a lot of mappings, and that a large proportion of those mappings were to a lot of distinct remote hosts, and largely not idle, that you are probably a Torrenter. OTOH, if you had, say, 20 connections open to a single host or a low number of hosts then this is probably quite fine.

    These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.

    And there you have it. The culprits fingered and booted off the network. Of course, they then just changed their MAC addresses, in which case they were then re-identified as soon as their utilisation crept up, and the new MAC was banned.

    This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

    • Re: (Score:1, Informative)

      by Anonymous Coward

      It's TechEd, not Hacking At Large (HAL2001). I recall somebody was taken aside for spoofing the mac address of an important server, the DNS server iirc.

    • Re: (Score:3, Insightful)

      by drinkypoo (153816)

      This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

      If you're on a different interface from the DNS server, how will you even know the MAC? And if you're on a different interface, what makes you think it will even work? Most APs have DNS proxies anyway, and no device worth using will send you packets destined for itself.

      • by nuckfuts (690967)
        I didn't say it was foolproof. I'm merely pointing out that automated block rules can almost always be abused to create denial of service attacks. If not on the DNS server's MAC, then some other shmuck on the same interface as you.
    • Re: (Score:2, Insightful)

      by Lars T. (470328)

      These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.

      And there you have it. The culprits fingered and booted off the network. Of course, they then just changed their MAC addresses, in which case they were then re-identified as soon as their utilisation crept up, and the new MAC was banned.

      This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

      Yeah, I'm sure they don't have a whitelist of MAC addresses from their own infrastructure that gets dropped very early in the scripts. Or an ACL on the switch that blocks them on every port they shouldn't be on.

      • by nuckfuts (690967)

        Yeah, I'm sure they don't have a whitelist of MAC addresses from their own infrastructure that gets dropped very early in the scripts.

        Hence the "or whoever else" part of what I wrote.

    • by jeffmeden (135043)

      The DNS server would, by their definition, be blacklisted almost immediately since it too will be creating a LOT of distinct connections to different addresses. Assuming they didn't shoot themselves in the foot by doing this (not adding it to a whitelist), they should be safe from would-be attackers.

      Much more annoying and troublesome would be a DoS of random other participants, blacking out everyone's access. That is, until the mob mentality kicks in and anyone caught watching a screener of the new Twilig

      • by nuckfuts (690967)

        The DNS server would, by their definition, be blacklisted almost immediately since it too will be creating a LOT of distinct connections to different addresses.

        They're probably only looking at TCP connections. DNS traffic usually runs over UDP.

    • by dangitman (862676)

      This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

      C'mon. It was a Microsoft conference. Nobody there is savvy enough to do such a thing.

  • by MichaelSmith (789609) on Thursday February 18, 2010 @05:59AM (#31182024) Homepage Journal

    When managing a resource such as CPU time, memory use or network traffic there should be ways to transparently mediate between users. You set some simple rules like "everybody gets a go" or "each host gets a slice of the network" and write some simple software to implement it.

    Okay so thats traffic shaping and I know its not as simple as I make it out to be but the approach used here seems crude and a waste of man hours.

    • Re: (Score:3, Funny)

      by muzzmac (554127)

      Okay so thats traffic shaping and I know its not as simple as I make it out to be but the approach used here seems crude and a waste of man hours.

      "Man hours"? Don't you mean "evil genius" hours?

    • by jeffmeden (135043)

      A profile that put all the torrent-like traffic into a queue with 25kbit/s of bandwidth would have probably been more effective, you are right. But honestly, if you had the chance to rick-roll those dicks, wouldn't you?

    • by socsoc (1116769)
      Yep. Since someone at some point gave him the go ahead to do this ridiculous idea that wasted time and it did little... I can't believe that they hadn't already made the call to block most ports or filter dns requests. This sounds a lot like a really poorly managed conference network and a really bored admin. Really though, it's a 150mbps network. That's like when I was in college and downloaded linux isos from other universities just to see how fast the transfer would be. It's not my fault if they allo
    • What makes traffic shaping tricky is that you have to do it at the pinch point(s). Worse depending on network design and loading the pinch point(s) can move arround (though in this situation they probablly won't).

      Now in something like a conference network the pinch point is probabblly the connection from the conference network to the internet (assuming all internal backbones are faster than the route offsite). So this is where you have to do your traffic shaping. However this is a high bandwidth point AND i

  • Been Slashdotted (Score:4, Informative)

    by one cup of coffee (1623645) on Thursday February 18, 2010 @06:06AM (#31182056)
    It looks like the news link has been Slashdotted, Here's a mirror to the link

    ic news story Microsoft [youtube.com]
    • That looks like a.. oh wait a minute.. mirrors on youtube? I'm not falling for this one again...
    • by notnAP (846325)

      The sheer brilliance of slashdot is revealed in this post not by the poster (granted, good job though), but by the moderators who modded the post all the way up to +5 Informative instead of funny. If I could mod a mod, I'd mod that fucking hilarious.

      • by socsoc (1116769)
        Funny mods don't provide any karma. Since it was so clever, they probably went with informative to provide karma and also additionally rickroll people.
  • Redirecting trackers (Score:3, Interesting)

    by threephaseboy (215589) on Thursday February 18, 2010 @06:29AM (#31182170) Homepage

    So you redirect a BT client to a "rickroll" whenever it tries to get a list of peers, and this page is never seen by the end user.
    You did a great job!
    Oh wait...

    We reasoned that if you had a lot of mappings, and that a large proportion of those mappings were to a lot of distinct remote hosts, and largely not idle, that you are probably a Torrenter.(...) These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.

    Yeah, that might have been a little more helpful than redirecting a client (which will just use DHT instead to find peers)

    • Re: (Score:2, Insightful)

      by natehoy (1608657)

      Sure it is. Most of these people are going to be surfing the Web at the same time. Especially once they see all their Torrents go to zero, they'll want to log in and see if their tracker is down. Start up their web browser, go to their torrent site, and get rickrolled.

      The important part is that the torrents are dropped. If the (ab)user also gets rickrolled, it's considered a bonus.

    • Re: (Score:3, Funny)

      by initialE (758110)

      Well the joke's on them, I was trying to torrent Rick Astley!

  • by jamesh (87723) on Thursday February 18, 2010 @06:42AM (#31182232)

    I solved this problem at the local library's public access wireless with a linux router and a token bucket filter with a big bucket. Each IP address gets a 10MByte bucket that fills up at 256kbits/second. The bucket is big enough that they'll never know they are limited for normal browsing, but a torrent sucks it try really fast and drops down to a slow enough speed that it's not really worthwhile. And even if they do stick with it at least they aren't burning through tens of gigabytes per day. It beats any other filter i've ever tried.

    I still fondly remember the howls of dismay from the leechers when I turned it... they just couldn't understand why their downloads start at 20mbits/second but slow down to a crawl almost straight away :)

  • wait (Score:4, Funny)

    by circletimessquare (444983) <[moc.liamg] [ta] [erauqssemitelcric]> on Thursday February 18, 2010 @08:40AM (#31182872) Homepage Journal

    "It was the most evil of evil Rick Roll scripts too -- worse than any that anyone has used to get me in the past."

    correct me if i'm wrong, but rickrolling implies its just rick astley singing about how he won't let you down, right?

    so what the heck is he referring to in the quote above? did they distribute 1080p video of ballmer in his underwear singing karaoke and throwing chairs?

    speaking of which, a GIS for ballmer is not exactly flattering

    http://images.google.com/images?q=ballmer [google.com]

    who would have guessed a GOOGLE image search wouldn't be flattering to steve ballmer?

    i wonder what a bing image search for ballmer would... jesus what am i doing, better stop now before i run into rule 34

    • Ballmer doesn't care. He rolls his fat, sweaty, nekkid body around on piles of $100 bills and farts in your general direction.
  • I know that it is impolitic to do anything but bash MS on this site, but come on, this was funny.

    MS addressed a problem by combining clever sleuthing with some humor.

    This tells me that MS is getting a pulse.

Man must shape his tools lest they shape him. -- Arthur R. Miller

Working...