A fork bomb is pretty much what the name says: anything that uses the “fork” operation and explodes like a bomb. It’s a form of DoS (Denial of Service) attack that abuses the fork operation, by which a running process can create another running process. A fork bomb is sometimes referred to as a wabbit. In other words, a fork bomb is a particular species of wabbit that can be written in one line of code.

How Fork Bomb Works:

A fork bomb process ‘explodes’ by recursively spawning copies of itself very quickly. Eventually it eats all the process table entries and effectively wedges the system: once the process table is full, nothing can fork a new process until some other process terminates. Even when that happens, a useful program is unlikely to get started, since every instance of the bomb will try to take any newly available slot itself.

Examples of Fork Bomb:

:(){ :|: & };:

Or, laid out more readably:

:(){ 

 :|:&

};:

This is the simplest fork bomb. One more example:

$0 & $0 &

How to avoid Fork Bomb:

There are different ways to protect against a fork bomb. One of them is to limit the number of processes a user or group can run, which keeps the total number of processes in the system in check.

$ sudo vi /etc/security/limits.conf
*    -    nproc    200
napster hard nproc 300
@student hard nproc 50

Or else you can simply apply this limit to all users by putting these lines in /etc/profile:

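# Cap the number of processes for every account except root (UID 0)
if [ "$(/usr/bin/id -u)" != 0 ]
then
    # Non-root users: at most 250 processes; errors are discarded
    ulimit -u 250 2> /dev/null
else
    # root: no process limit
    ulimit -u unlimited
fi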
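
To see which of the limits.conf entries above applies to a given account, the following added example (not part of the original post) resolves the hard nproc limit from a limits.conf-style file. The function name effective_nproc, the accounts alice and bob, and the precedence rules it applies (user entry over @group entry over the * wildcard, later lines winning ties, group and wildcard entries not applying to root) are assumptions based on the pam_limits documentation; it reads a single file and ignores /etc/security/limits.d.

```shell
#!/bin/sh
# Added example: which hard nproc limit from a limits.conf-style file
# applies to an account? Assumed precedence (per limits.conf(5)):
#   user entry > @group entry > "*" wildcard; later lines win ties;
#   group and wildcard entries are not applied to root.

effective_nproc() {  # usage: effective_nproc USER "GROUP1 GROUP2" FILE
    awk -v user="$1" -v groups="$2" '
        BEGIN {
            n = split(groups, g, " ")
            for (i = 1; i <= n; i++) ingroup["@" g[i]] = 1
            best = 0; val = "unset"
        }
        /^[ \t]*#/ || NF < 4 { next }        # comments and short lines
        $3 != "nproc"        { next }        # only the process-count item
        $2 != "hard" && $2 != "-" { next }   # "-" sets both soft and hard
        {
            rank = 0
            if ($1 == user)                              rank = 3
            else if (($1 in ingroup) && user != "root")  rank = 2
            else if ($1 == "*" && user != "root")        rank = 1
            if (rank > 0 && rank >= best) { best = rank; val = $4 }
        }
        END { print val }
    ' "$3"
}

# Constructed sample file holding the three entries shown above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*    -    nproc    200
napster hard nproc 300
@student hard nproc 50
EOF

effective_nproc napster "student" "$SAMPLE"   # user entry wins
effective_nproc alice   "student" "$SAMPLE"   # group entry beats wildcard
effective_nproc bob     "staff"   "$SAMPLE"   # only the wildcard matches
effective_nproc root    "root"    "$SAMPLE"   # nothing here covers root
```

On a live system, compare the result with what ulimit -Hu reports in a fresh login session for that account.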

How to kill the Fork Bomb:

Fortunately, fork bombs are relatively easy to spot and kill. The first thing anyone can do is restart the system. Trying to use a program to kill the rogue processes normally requires creating another process, which is difficult or impossible if the host machine has no empty slots in its process table or no space in its memory structures.

Alternatively, you can use killall to kill all the instances of the process at once, preventing them from spawning any other process.

$ killall -KILL BombProcessName

There are a few other ways to do that; for those, please refer to the article “Defusing the Fork Bomb”.

FAQs:

Q. How long does it take a fork bomb to kill/suspend a system?

A. It takes nothing more than a couple of seconds for a fork bomb to make any system non-responsive.

Q. Can we prevent fork bombs from executing?

A. Yes, we can. Just follow any of the steps written above.

Q. Is a fork bomb a virus?

A. No, it’s not. A fork bomb is just a normal operation happening at a large scale.

Resources:

  1. http://en.wikipedia.org/wiki/Fork_bomb