The Attack That Could Disrupt The Whole Internet - Computerphile

I was gonna tell you guys a joke about UDP, but you might not get it.

razielhamalakh

Tom Scott is to computerphile what James Grime is to numberphile

GtaRockt

And I though I was scary pulling a flash drive out without safely ejecting

SafetyLucas

A funny story from fall semester during the 2020 pandemic: because my university's classes were all online, one of my professors set up a website on a server he physically owned in his basement that he would upload assignments on. Turns out that was a bad idea because after every class when he would give us this week's assignment, he would get kicked offline from every student downloading from his server at the same time.

spazmaster

Somebody should make a video. 3 guys are sitting in a room.
Guy 1 puts on a mask that looks like guy 3
Guy 1 whispers "Monlist" to guy 2
Guy 2 throws a huge stack of paper at guy 3

ericsarason

This reminds me of a project we had to do for University.
We had to build a database driven web application. However, in order to fill our database, we were required to get our data from websites. In the end, it turned out that at least 5 groups were mass scraping the same website during a few weekends. Even though we never meant it to be a DOS attack, the poor server was in trouble.

Lttlemoi

I once tried a denial of service attack on my friend. I knew he has a 32 bit computer, so I tried to send him a Facebook message 2^32 characters long thinking that it would crash his computer (and possibly lead to a blue screen of death). My computer crashed before I could send the message.

JHIsAwesome

"What time is it?"
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*
Server: *You want to know the time?*

greenstonegecko

Tom Scott is by far my favorite person they interview on Computerphile

BlackhartFilms

haha i love this guy. he is always so energetic.

Koseiku

"Monlist!". The force of his disgust towards this command cracked me up no end! You just got yourself a new subscriber. Well done!

mvl

"How can you protect your servers?  The easiest way to update to NTP version 4.2.7, which removes the monlist command entirely.  If upgrading is not an option, you can start the NTP daemon with noquery enabled in the NTP conf file.  This will disable access to mode 6 and 7 query packetts (which includes monlist). 
By disabling monlist, or upgrading so the the command is no longer there, not only are you protecting your network from unwanted reconnaissance, but you are also protecting your network from inadvertently being used in a DDoS attack."

SleekMouse

Why don't we just remove Monlist?

Buzzy

i love how into it tom gets with the drawings

bluekissedgalaxies

That "monlist" command sounds like something that exists for debugging, and should require special permission to use. Even without the DoS attack part, it seems like a massive privacy/security violation to just let anyone anywhere ask for a list of everyone who has accessed something. My guess is that if it wasn't just an accident that it was left in, they left it in because removing it would break something. "We can't fix it because something else needs it to stay exactly the same" is a thing in programming.

BrttM

I like to imagine someone setting this up but forgetting to spoof the return and destroying themselves

cebsaid

I love how angry Tom gets over this subject. The _passion!_

bluephreakr

I love this guy. He always sounds so excited when he's talking.

DeadEye

"I approve this stream being sent to me"

thisisnootnoots

All of Computerphile's videos are cool and all, but....
Tom is just amazing!

Trirosmos