Introduction
A fork bomb (also known as a rabbit virus) is a denial-of-service attack that consists of a process that constantly replicates itself to exhaust all available system resources, slowing down or crashing the system due to resource starvation.
Here's an example of the most popular fork bomb in Linux:
:(){ :|:& };:
NOTE: do not run this on your system as it would crash the system!
Rundown of all elements
Here's a quick rundown of all elements:
-
:()
- Define the function. The:
is the function name and the opening and closing parenthesis means that the function does not accept any arguments -
{ }
- These characters show the beginning and end of the function -
:|:
- Here it loads a copy of the function:
into memory and pipe its own output to another copy of the:
function, which has to be loaded into memory as well -
&
- This starts the process as a background process🤩 Our Amazing Sponsors 👇View WebsiteDigitalOcean offers a simple and reliable cloud hosting solution that enables developers to get their website or application up and running quickly.View WebsiteLaravel News keeps you up to date with everything Laravel. Everything from framework news to new community packages, Laravel tutorials, and more.View WebsiteA Laravel Starter Kit that includes Authentication, User Dashboard, Edit Profile, and a set of UI Components. -
:
- The final:
executes the function and hence the chain reaction begins
Stopping a fork bomb
If you have a multi-user system, the best way to protect it against such attacks is to limit the number of processes a user can have by using PAM for example.
If you are already logged into the system you could do the following to stop the fork bomb:
- Run a SIGSTOP command to stop the processes of the user who ran the fork bomb:
killall -STOP -u someuser
Conclusion
For more information about the history of the fork bomb and other examples I would recommend checking this Wikipedia page.
Comments (1)