Microsoft RickRolls Wi-Fi Network Leechers

An anonymous reader writes "Microsoft has revealed that it RickRolled users that were killing its TechEd conference Wi-Fi network last year by torrenting large files. Network administrators at the event quickly built a list of all of the top torrent trackers around and got the nod to add them all to the local DNS resolver and point them at a local Web server containing some Rick Roll scripts. According to the admin: 'It killed me that I didn't see anyone getting done by this first hand, but there were hundreds of impressions in the server logs containing the Rick Roll scripts so I did get a fair amount of satisfaction at least. It was the most evil of evil Rick Roll scripts too — worse than any that anyone has used to get me in the past.' Fun and games aside, it looks like the leechers will force quotas and traffic shaping for the first time in the event's history."

It could have been worse...

[Mattskimo]

At least it wasn't Soulja Boy.

Re:

[sopssa]

At least it wasn't Soulja Boy.

Or this [youtube.com].

Re:

[Hurricane78]

I guess this is the first time I am happy to see a “not available in my country” error. ;)

Re:

[darkpixel2k]

At least it wasn't Soulja Boy.

Or this [youtube.com].

Hey--slow down there. At least it wasn't this [microsoft.com]

Re:

[Hurricane78]

Or Die Antwood.

Please tell me...

[Anonymous Coward]

that whoever owns the rights to "Never Gonna Give You Up" is receiving royalties.

Re:

[ArsenneLupin]

that whoever owns the rights to "Never Gonna Give You Up" is receiving royalties.

Maybe now is the time to gently introduce Micro$oft to the MAFIAA... That bloodshed should be phun to watch...

Re:

[sopssa]

But if they embedded it from YouTube, Google would take the heat.

Sounds like a plan.

Re:

[Miseph]

Aw heeellll naw, foo! Don't be hatin' just cuz you're AC, yo.

Let's roll on Dubs. LL Cool J. Civics look good with racing stripes and wings.

Re:

[ArsenneLupin]

Wow, an AC who knows that you can click on a user's name and see his posting history. I'm impressed.

Re:

[LordSnooty]

Stock Aitken Waterman made more than enough cash at the turn of the 90s. In 1990 something like 2% of all records sold in the UK were produced by them. Between 1988 and 1990 there wasn't a single week when a record of theirs was not in the top 75.

Re:

[xorsyst]

Not very much...
http://www.telegraph.co.uk/culture/music/5130427/Pete-Waterman-I-was-exploited-by-Google.html [telegraph.co.uk]

it doesn't make sense to me

[circletimessquare]

that this man thinks a song from 1987 should still be earning him money

yes, LEGALLY, he has a case, but morally and philosophically, he just seems like a giant asshole

fact: there are no morally or philosophically coherent grounds that a song from 1987 should anyone anything. really

and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

Re:it doesn't make sense to me

[WCguru42]

and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

What if I want to pretend that I believe this in the hopes that the RIAA will send it's dogs after Microsoft's (and maybe Google's) wolves and never come back. I feel fairly confident that Microsoft and Google have lawyers that would tear the RIAA apart in a real battle. There's a reason the RIAA hasn't taken strong tactics against them (specifically Google via YouTube) in the past.

Re:

[bkr1_2k]

Yeah, this quote from the GP linked article makes me want to puke. "I feel like one of those workers, because I earned less for a year's work off Google or YouTube than they did off the Bahrain government."

The fact that he thinks that a couple hours (at most) worth of work over 20 years ago equates to "a year's work" today just makes the guy a giant douchebag. I have no problem with artists being paid for their work. He was paid, quite well from the sounds of it, when he actually did the work! (Apparent

Re:

[Red Flayer]

it's the equivalent of marie antoinette saying "let them eat cake" when told starving parisians don't have bread: the guy is so clueless as to real world labor, he actually and sincerely believes that not being paid for writing a song 23 years ago places him in the same category as modern slavery

FWIW -- that quote is misattributed to Antoinette. It was written by Jean-Jacques Russeau, and it is unknown whether it is an actual quote or a fabrication by Russeau. Many historians believe it was uttered by the

Re:

[Critical Facilities]

and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common goodquote>and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

I see. So I'm assuming that you plan on releasing YOUR PRODUCTION [bangamovie.com] for everyone's free use, right?? And you wouldn't mind at all if anyone feels like using your movie however they see fit, right?? And you wouldn't feel the least bit sleighted if your movie was used all over the place, millions of times, yet you saw only $11, right??

Or maybe some Aesop [bartleby.com] might be in order here.

Re:

[Critical Facilities]

Well, I'll offer your own words back to you:

i could put it on youtube, and get money from advertising clicks. or charge the odd bird who wants it on dvd $10. or i rent a theatre, take out advertising, and sell tickets. in other words, i make my money in theatres, or i make it via ancillary revenue streams.

So it seems that you're OK with YOU making money off of your movie via advertising click, dvd reproduction or what have you, however this doesn't extend to everyone else.

Got it. Makes perfect sense. I'll get to work on adapting to your way of thinking.

Look, the guy was an asshole plain and simple in his choice of words. I just get sick of everyone frothing at the mouth every time some artist (like you and me, dude) wants to be able to make some money for

you don't understand what i am saying

[circletimessquare]

"So it seems that you're OK with YOU making money off of your movie via advertising click, dvd reproduction or what have you, however this doesn't extend to everyone else."

what? of course it extends to everyone else

what doesn't extend to everyone else, nor to me, is that i have ANY say in how my movie is distributed once its out there on the internet

i don't understand why you are not seeing this point, or why you are confusing this point with some other point of argument that i am not defending/ advocating

p

Re:

[Critical Facilities]

i could put it on youtube, and get money from advertising clicks......what doesn't extend to everyone else, nor to me, is that i have ANY say in how my movie is distributed once its out there on the internet i don't understand why you are not seeing this point, or why you are confusing this point with some other point of argument that i am not defending/ advocating perhaps its too subtle a point?

I'm confused because it seems as if you're contradicting yourself. On one hand, you want to be able to have the right to make some money off of posting your film on YouTube by putting some ads on the page. Fair enough. On the other hand, you seem to bristle at the suggesting that this Pete Waterman wants the same thing since a song he co-wrote became an internet fad and everyone in the world seemed to be posting links to Youtube videos of the song.

Believe me, dude, I'm not trying to pick a fight her

after TWENTY THREE years??!!

[circletimessquare]

and besides, he's not asking for ad revenue, which he would deserve (in a sane time span)

he's asking for google to give him gobs of cash just because of something he wrote 23 years ago. hey, i helped build my neighbor's porch twenty three years ago. its my "intellectual property": i figure out the best way to plant the posts. i'll go over tomorrow and hit him up for $100 x 23 years. seems like a fair number to me. adjusted for how many parties he hosted on the deck, including all transfers along the chain o

Re:

[tixxit]

I hope this guy is including the increased sales from all the free advertising he got in his numbers. If he is, and it is still only 11 pounds, then that truly shows the value of the song. Free advertising to the tune of 154 000 000 views (!) and almost no extra people buying the album or song. Ouch... Take your licks and move on buddy.

Re:

[TheLink]

Does he also know that a significant percentage of those 154 million views were by people who did NOT want to watch his video at all? Or even never ever want to watch his video again ;).

Anyone have an idea of what that percentage is? I know it's certainly higher than zero :).

Re:

[dangitman]

and if you believe otherwise, you very much are a good definition of what is wrong with this world, in terms of a stunning display of greed backed up with force, overwhelming the common good

I'm pretty sure that if you owned the rights to a hit song from 1987, you'd be singing a different tune right now.

i have plenty of piece of mind

[circletimessquare]

howabout this crazy wacky "communist" thinking of mine: if the movie is good, producers recoup their investment in theatres. if the movie sucks, then they lose money. end of fucking story. the point is, what i am advocating is not some techno anarchist bullshit. what i'm advocating for is called PURE CAPITALISM. meanwhile, the current system is not defending itself from "information wants to be free man" technohippies. they are oligopolies and monopolies, using intellectual property law from before the inte

why?

[circletimessquare]

on what morally or philosophically coherent grounds does it make any sense to you that a song from the 1987 should still be earning anyone any money?

what does that prove?

[circletimessquare]

someone made money off a song from 1992. so what?

yes, in today's legal environment, this is possible. but it's not a defensible status quo

Re:

[srussia]

Here's Rick himself getting RickRolled (or RodeRickRolled, something circletimessquare might appreciate):

http://www.youtube.com/watch?v=pLq_T-3z9co [youtube.com]

At least he's still giving live performances to make his money.

Re:

[dangitman]

but it's not a defensible status quo

Why not?

Re:

[Golddess]

I'm not entirely certain what you're trying to say with that link, but if you're saying what I think you're saying, then my response is they're not making money off the song, they're making money off their performance of the song. Big difference.

Evil

[DeBaas]

Rick Rolling, told you Microsoft is evil ;-)

Re:Evil

[The Mighty Buzzard]

Network admins are evil by default, Microsoft or not. Most of them aren't nearly as creatively hilarious as this though.

Re:

[DataBroker]

This is almost an elementary-school math proof. Evil admins (negative) at Evil empire (negative) automatically become humorous and creative (positive).

Re:

[PinkyGigglebrain]

Not all are Evil, most are just Chaotic Neutral.

Re:

[WCguru42]

My network admin enjoys taking my internet away whenever I am working. I am a Computer Technician so I need it almost all day. But he does not care. He laughs while I fail.

Strengthening your forearm so you can better use a screw driver does not count as work.

Re:Evil

[sycorob]

Am I the only one that's terrified to click on any links here?

Re:

[DeBaas]

There is a RickBlockPlugin [youtube.com] for Firefox. Install that, and you should be safe.

Re:

[WoodenTable]

Why yes, I DO go to youtube.com for all my firefox plugins! I imagine it will be extremely satisfying to finally have something that will protect me from rickrolls, once I get around to clicking on that link.

Re:

[thePowerOfGrayskull]

Rick Rolling, told you Microsoft is evil ;-)

I agree with you. In fact, I have recorded an incisive and insightful video commentary on exactly this subject, which you can find at this location [youtube.com].

Just for fun

[Anonymous Coward]

Suggestions please for equivalent at Apple & Linux events?

Re:

[stonedcat]

Chair throwing video?

Re:Just for fun

[Beale]

Appropriate variants of the 1984 ad.

Re:

[Lars T.]

Suggestions please for equivalent at Apple & Linux events?

Force install of Win ME.

Re:

[Gonoff]

ME is not an operating system. It's a medical Condition.

Re:

[Gonoff]

Myalgic encephalomyelitis is not the same as muscular sclerosis. MS is also a medical condition.

Re:

[Arthur Grumbine]

You, sir, apparently have trouble distinguishing between humor and sadistic malice. I also find your comment terribly insensitive towards those who had/have to provide technical support for friends and family using ME. They try to deny it, but I know their just using ME.

Call the RIAA

[upto0013]

Call the RIAA!

ObRoll

[wiredlogic]

Just to get things rolling. Here is the tasteful mashup [youtube.com] with Nirvana.

Re:

[TornCityVenz]

To complain about problems encountered while using their network a help line was published. 772-257-4501 Call for assistance.

Re:

[Hurricane78]

Pff, this one has 50 Cent instead of Rick, but it takes the cakes. All of them! ^^
http://www.youtube.com/watch?v=jkyc1dxL3N0 [youtube.com]

Lame

[kregg]

Rick Rolling is so last year....

Re:

[Renderer of Evil]

Rick Rolling is so last year....

What did you expect? This is Microsoft we're talking about here. They're always behind by a full year or five when it comes to internet memes.

Maybe they'll redirect people to Epic Bearded Man video during the 2014 TechED.

Re:Lame

[c6gunner]

Rick Rolling is so last year....

gee ...

"Microsoft has revealed that it RickRolled users that were killing its TechEd conference WiFi network last year ....

Look on the bright side - at least you didn't make a total ass of yourself by saying:

What did you expect? This is Microsoft we're talking about here. They're always behind by a full year or five when it comes to internet memes.

Re:

[PhxBlue]

"Microsoft has revealed that it RickRolled users that were killing its TechEd conference WiFi network last year ....

Whoosh!

Can you spell DoS?

[nuckfuts]

From TFA:

So we scheduled this script to run each minute to generate a list of offending MAC addresses.

We reasoned that if you had a lot of mappings, and that a large proportion of those mappings were to a lot of distinct remote hosts, and largely not idle, that you are probably a Torrenter. OTOH, if you had, say, 20 connections open to a single host or a low number of hosts then this is probably quite fine.

These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.

And there you have it. The culprits fingered and booted off the network. Of course, they then just changed their MAC addresses, in which case they were then re-identified as soon as their utilisation crept up, and the new MAC was banned.

This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

Re:

[Anonymous Coward]

It's TechEd, not Hacking At Large (HAL2001). I recall somebody was taken aside for spoofing the mac address of an important server, the DNS server iirc.

Re:

[drinkypoo]

This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

If you're on a different interface from the DNS server, how will you even know the MAC? And if you're on a different interface, what makes you think it will even work? Most APs have DNS proxies anyway, and no device worth using will send you packets destined for itself.

Re:

[nuckfuts]

I didn't say it was foolproof. I'm merely pointing out that automated block rules can almost always be abused to create denial of service attacks. If not on the DNS server's MAC, then some other shmuck on the same interface as you.

Re:

[Lars T.]

These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.

And there you have it. The culprits fingered and booted off the network. Of course, they then just changed their MAC addresses, in which case they were then re-identified as soon as their utilisation crept up, and the new MAC was banned.

This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

Yeah, I'm sure they don't have a whitelist of MAC addresses from their own infrastructure that gets dropped very early in the scripts. Or an ACL on the switch that blocks them on every port they shouldn't be on.

Re:

[nuckfuts]

Yeah, I'm sure they don't have a whitelist of MAC addresses from their own infrastructure that gets dropped very early in the scripts.

Hence the "or whoever else" part of what I wrote.

Re:

[nuckfuts]

Did I forget they also don't have a tool that detects duplicate MAC addresses, doesn't tell them that they keep appearing on one port of the switch, no way of knowing where the computer hooked-up to the port may be...

I'm assuming most users are using a wireless connection. How are you going to locate the guy in a crowd of 2,500 people who's playing around with his MAC address?

Re:

[jeffmeden]

The DNS server would, by their definition, be blacklisted almost immediately since it too will be creating a LOT of distinct connections to different addresses. Assuming they didn't shoot themselves in the foot by doing this (not adding it to a whitelist), they should be safe from would-be attackers.

Much more annoying and troublesome would be a DoS of random other participants, blacking out everyone's access. That is, until the mob mentality kicks in and anyone caught watching a screener of the new Twilig

Re:

[nuckfuts]

The DNS server would, by their definition, be blacklisted almost immediately since it too will be creating a LOT of distinct connections to different addresses.

They're probably only looking at TCP connections. DNS traffic usually runs over UDP.

Re:

[dangitman]

This approach will work fine until one of the culprits decides to spoof the MAC address of your DNS servers (or whoever else they want to f*ck with) and gets them "booted off the network".

C'mon. It was a Microsoft conference. Nobody there is savvy enough to do such a thing.

Re:

[nuckfuts]

The rickrolling described in the article was accomplished by DNS poisoning. They are obviously running their own (local) DNS servers.

Resource allocation

[MichaelSmith]

When managing a resource such as CPU time, memory use or network traffic there should be ways to transparently mediate between users. You set some simple rules like "everybody gets a go" or "each host gets a slice of the network" and write some simple software to implement it.

Okay so thats traffic shaping and I know its not as simple as I make it out to be but the approach used here seems crude and a waste of man hours.

Re:

[muzzmac]

Okay so thats traffic shaping and I know its not as simple as I make it out to be but the approach used here seems crude and a waste of man hours.

"Man hours"? Don't you mean "evil genius" hours?

Re:

[jeffmeden]

A profile that put all the torrent-like traffic into a queue with 25kbit/s of bandwidth would have probably been more effective, you are right. But honestly, if you had the chance to rick-roll those dicks, wouldn't you?

Re:

[socsoc]

Yep. Since someone at some point gave him the go ahead to do this ridiculous idea that wasted time and it did little... I can't believe that they hadn't already made the call to block most ports or filter dns requests. This sounds a lot like a really poorly managed conference network and a really bored admin. Really though, it's a 150mbps network. That's like when I was in college and downloaded linux isos from other universities just to see how fast the transfer would be. It's not my fault if they allo

Re:

[petermgreen]

What makes traffic shaping tricky is that you have to do it at the pinch point(s). Worse depending on network design and loading the pinch point(s) can move arround (though in this situation they probablly won't).

Now in something like a conference network the pinch point is probabblly the connection from the conference network to the internet (assuming all internal backbones are faster than the route offsite). So this is where you have to do your traffic shaping. However this is a high bandwidth point AND i

Been Slashdotted

[one cup of coffee]

It looks like the news link has been Slashdotted, Here's a mirror to the link

ic news story Microsoft [youtube.com]

Re:

[ZeroExistenZ]

That looks like a.. oh wait a minute.. mirrors on youtube? I'm not falling for this one again...

Re:

[shentino]

Damnit...I not only got rickrolled but I Lost The Game too.

oblig. xkcd

[ChinggisK]

http://xkcd.com/391/ [xkcd.com]

Re:

[notnAP]

The sheer brilliance of slashdot is revealed in this post not by the poster (granted, good job though), but by the moderators who modded the post all the way up to +5 Informative instead of funny. If I could mod a mod, I'd mod that fucking hilarious.

Re:

[socsoc]

Funny mods don't provide any karma. Since it was so clever, they probably went with informative to provide karma and also additionally rickroll people.

Redirecting trackers

[threephaseboy]

So you redirect a BT client to a "rickroll" whenever it tries to get a list of peers, and this page is never seen by the end user.
You did a great job!
Oh wait...

We reasoned that if you had a lot of mappings, and that a large proportion of those mappings were to a lot of distinct remote hosts, and largely not idle, that you are probably a Torrenter.(...) These scripts output a list of bad MACs, that we then just dropped into a block list in the core switches.

Yeah, that might have been a little more helpful than redirecting a client (which will just use DHT instead to find peers)

Re:

[natehoy]

Sure it is. Most of these people are going to be surfing the Web at the same time. Especially once they see all their Torrents go to zero, they'll want to log in and see if their tracker is down. Start up their web browser, go to their torrent site, and get rickrolled.

The important part is that the torrents are dropped. If the (ab)user also gets rickrolled, it's considered a bonus.

Re:

[initialE]

Well the joke's on them, I was trying to torrent Rick Astley!

TBF with a big bucket

[jamesh]

I solved this problem at the local library's public access wireless with a linux router and a token bucket filter with a big bucket. Each IP address gets a 10MByte bucket that fills up at 256kbits/second. The bucket is big enough that they'll never know they are limited for normal browsing, but a torrent sucks it try really fast and drops down to a slow enough speed that it's not really worthwhile. And even if they do stick with it at least they aren't burning through tens of gigabytes per day. It beats any other filter i've ever tried.

I still fondly remember the howls of dismay from the leechers when I turned it... they just couldn't understand why their downloads start at 20mbits/second but slow down to a crawl almost straight away :)

Re:

[trawg]

Do you have any implementation details of how you did this? This sounds like a really awesome and handy trick, love to know how it's done if you don't mind sharing!

Re:TBF with a big bucket

[David M. Andersen]

It's actually pretty easy in linux. http://lartc.org/howto/lartc.qdisc.classless.html#AEN691 [lartc.org] In fact, http://lartc.org/ [lartc.org] has loads of good stuff.

Re:

[advocate_one]

such a pity you can't patent this now you've bragged about it... or have you already patented it?

TBF with a big bucket-Howls of pain.

[Anonymous Coward]

"I still fondly remember the howls of dismay from the leechers when I turned it... they just couldn't understand why their downloads start at 20mbits/second but slow down to a crawl almost straight away :)"

You wouldn't happen to have an audio copy by any chance?

Re:

[bkr1_2k]

It was probably something like this: http://www.youtube.com/watch?v=YersIyzsOpc [youtube.com] (not a rick-roll)

Not a Rick-Roll. Right, how are we expected to believe that?!

Re:

[Ihmhi]

cd router/apps/pwnage

./ihasabucket

Re:

[petermgreen]

Nice idea for smaller networks but I doubt having a seperate bucket for every IP scales very well.

Re:

[jamesh]

Nice idea for smaller networks but I doubt having a seperate bucket for every IP scales very well.

Why not? A TBF is about the simplest shaping method you can do! It requires a few 32 bit counters per IP and a few calculations per packet. Do you have a per-IP shaping idea that scales better?

If you had enough IP addresses where it might be a problem then you are almost certainly using NAT too, which requires a much larger memory and processing footprint than TBF.

wait

[circletimessquare]

"It was the most evil of evil Rick Roll scripts too -- worse than any that anyone has used to get me in the past."

correct me if i'm wrong, but rickrolling implies its just rick astley singing about how he won't let you down, right?

so what the heck is he referring to in the quote above? did they distribute 1080p video of ballmer in his underwear singing karaoke and throwing chairs?

speaking of which, a GIS for ballmer is not exactly flattering

http://images.google.com/images?q=ballmer [google.com]

who would have guessed a GOOGLE image search wouldn't be flattering to steve ballmer?

i wonder what a bing image search for ballmer would... jesus what am i doing, better stop now before i run into rule 34

Re:

[Low Ranked Craig]

Ballmer doesn't care. He rolls his fat, sweaty, nekkid body around on piles of $100 bills and farts in your general direction.

Give MS A Break

[bxwatso]

I know that it is impolitic to do anything but bash MS on this site, but come on, this was funny.

MS addressed a problem by combining clever sleuthing with some humor.

This tells me that MS is getting a pulse.

Re:

[geekmux]

Public performance of an artist's work without paying the lawers, er I mean the artist! Suing time

That's OK, Microsoft is so eeeevil, they'll just buy it. No, not the song, I mean they'll buy Rick.

Anybody know what he's up to these days, I mean besides being the "who the hell is this?!?" guy to a whole new generation...

Re:

[peragrin]

why would they buy Rick he doesn't hold the copyright? his studios own those copyrights along with his soul and all of his loans, including credit cards,

it is the catch 22 of the music industry that is never really talked about.

Re:

[sopssa]

They couldn't had technically change the files being downloaded, so they probably just put a rickroll video on the actual bittorrent websites.

Re:

[netsharc]

Well, making the downloads fail is a bit dumb, they should just intercept the HTTP-download request for the original torrent file, parse the file, and serve up the rick_roll.avi.torrent with the filename replaced with the file the downloader wanted (so it'll be called family.guy.s8e12.avi, but only 50MB big and contain Rick Astley). And maybe a readme.txt if you want to scare them...

Re:How do Rick Roll scripts work?

[natehoy]

No. As I understand it, those who are rickrolled basically get a customized DNS response that points all page requests to a local server with one web page and a blind redirect to that web page. That single web page has an embedded rickroll video.

Somewhat similar to how airports on a pay-for connection, or hotel connections work. Try to go to any website, and you get redirected to a login or purchase page.

Presumably any other connections not on port 80 (torrent, FTP, etc) are dropped.

So if you're surfing the web while torrenting, you'll get the rickroll video on the next page you load after you are detected, and you'll find that all of your torrents suddenly stop connecting.

Re:

[Bad Ad]

because they dont have several websites that have huge amounts of hits (windows update, hotmail, etc) so they clearly couldnt know anything about networking.

Re:

[ZeroExistenZ]

Possibly they've hired enough highly educated idjits to do it themselves by now.

I challenge thé, to setup a company, manage it to outperform Microsoft after you've modified a minimal "discarted" OS yourself and repackaged it to sell it as your own, with support and an agile development cycle, staying under a 2 percentile bugrate on all code in production while each "release" you have to think up something that seems to be "fresh" enough or an "improvement" over the last version in order to resell your

Re:

[RogerWilco]

I understood from the article (I must be new here) that they went to the developers of ipnat.sys, the driver in windows itself. I suppose those know something about networking, especially their own code.

Re:

[commlinx]

I bet they used Linux to do this... is it even possible to do something like this in windows?

Well Windows server platforms do happen to have a functional DNS and web server. Sure they might be a bit bloated bit this would have been trivial under either O/S.