Exploding your system: The deadly Fork Bomb in Linux

📆 · ⏳ 3 min read · ·

Introduction

A fork bomb is a type of denial-of-service attack that can crash or freeze a Linux system by overwhelming its resources with a large number of processes.

Essentially, a fork bomb involves repeatedly executing a command that creates new processes until the system becomes unresponsive or crashes.

The fork bomb attack is often executed by malicious users or hackers, but it can also happen accidentally if an inexperienced user runs a poorly written script or command.

In this article, we’ll take a closer look at the fork bomb attack and provide some tips for protecting your Linux system from this type of attack.

What is a fork bomb in Linux?

A fork bomb is a type of denial-of-service attack that exploits the Linux operating system’s process management system. In Linux, each process creates a child process using the fork() system call. The child process inherits the parent process’s resources, including CPU time, memory, and open files.

A fork bomb works by repeatedly calling the fork() system call to create new child processes. As the number of child processes increases, the system’s available resources are quickly exhausted, leading to slow performance or system crash.

How to create a fork bomb in Linux?

Creating a fork bomb is simple. You just need to execute a command that repeatedly calls the fork() system call to create new child processes.

Here’s an classic example of fork bomb command

A visual depiction of what is being written about
Terminal window
:(){ :|:& };:
đź’ˇ

Warning!

Do not run this command directly on your terminal!

This command defines a shell function called : (colon) that calls itself twice, creating two child processes.

The | character pipes the output of the first call to the second call, creating an infinite loop of child processes.

The & character sends each child process to the background, allowing the parent process to continue creating new child processes and the ; character terminates the command.

And finally we call the function : for the first time and kick off the fork bomb.

You can restructure the above same command to make it more readable.

Terminal window
fork_bomb() {
fork_bomb | fork_bomb &
}
fork_bomb

How to protect your Linux system from fork bombs?

There are few ways to protect your Linux system from fork bomb attacks. One method is to limit the number of processes a user can create by setting resource limits using the ulimit command.

For example, you can limit the number of processes a user can create by running the following command:

Terminal window
ulimit -u 100

This sets the maximum number of user processes to 100. You can adjust this value depending on your system’s resources and requirements.

Another way to protect your system is to use a process monitoring tool like htop or top to identify and terminate any fork bomb processes.

These tools show a list of all running processes and their resource usage, allowing you to quickly identify any processes that are consuming too many resources.

Conclusion

A fork bomb is a potentially dangerous command that can crash or freeze a Linux system by overwhelming its resources with a large number of processes. It is important to understand what a fork bomb is and how it works to protect your Linux system from this type of attack.

By following the tips mentioned in this article, you can limit the number of processes a user can create and use process monitoring tools to identify and terminate any fork bomb processes that may be running on your system.

You may also like

  • Protect Your Linux Server with UFW Firewall: A Step-by-Step Guide

    Ensure the security of your Linux server by setting up a firewall. UFW (Uncomplicated Firewall) is a user-friendly firewall that's easy to set up and configure. In this guide, we'll walk you through the process of installing UFW, creating firewall rules, and managing firewall rules in Linux.

  • Stay Secure — Essential SSH Security Practices for Linux Servers

    Protect your Linux server from potential threats by following best practices for SSH security. Learn about using strong passwords, disabling root login, enabling public key authentication, and more in our comprehensive guide.

  • Mount a drive permanently with fstab in Linux

    Let's see how to mount a drive permanently in Linux using the fstab file which will mount the drive automatically on boot.