A fork bomb is a denial-of-service attack in which a process calls the fork system call to create a copy of itself, each copy forks again, and the number of processes grows exponentially until the process table, the PID space or memory is exhausted and the system lags or grinds to a halt. Once every process slot is taken nothing new can be started, so the attacker has made the system effectively inoperable: it cannot accept a login, serve a request or respond to any other external input. The aim is not to steal or alter data but to deny the machine to everyone else.
Ironically, fork bombs can be self-inflicted. A script that launches a copy of itself, a cron job that starts a new instance before the previous one has finished, or a service that is restarted in a tight loop without any backoff can exhaust the same resources from the inside and, to an observer, look exactly like a deliberate attack.
A fork bomb can leave a system unresponsive or crash it outright. Because the runaway processes keep occupying every process slot, an administrator often cannot even obtain a shell to kill them, and the only practical recovery is a hard reboot, which loses any unsaved data. Any multitasking operating system that lets a user create processes without a ceiling is exposed, including Unix, Unix-like systems, Linux and also Windows.
Preventing fork bombs
- Setting a hard ceiling on the number of processes a single user may create (the RLIMIT_NPROC resource limit, set with ulimit -u, in /etc/security/limits.conf, or with TasksMax for a systemd service), so that one runaway user cannot consume every process slot.
- Setting system-wide limits on process creation, such as the kernel's pid_max and threads-max settings, and bounding each service or login session with a cgroup pids.max value, so that a bomb inside one cgroup cannot exhaust the whole machine.
- Limiting the memory each process may use (RLIMIT_AS, or a cgroup memory limit). This is a secondary control: the individual processes of a fork bomb are tiny, so memory limits only matter once the process count itself has been bounded.
- Keeping system software up to date. A fork bomb exploits no vulnerability, so patching alone will not prevent one, but only current kernels and init systems offer the cgroup-based controls above.
- Monitoring for the signature of a fork bomb, which is a sudden spike in the rate of process creation or hundreds of processes sharing one user and one command name, so that an intrusion detection and prevention system (IDPS) or host monitor can alert on and kill the offending process tree before the limit is reached.
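The limit-based controls and the monitoring idea above, as a worked shell script added here (it is not code from the original article): it reads the live Linux limits, works out which one actually binds, checks the per-user limit against a policy ceiling, and flags users with an abnormal process count in a ps-style snapshot. The /proc and /sys/fs/cgroup paths are real Linux interfaces; the policy threshold of 4096, the detection threshold and the sample snapshot are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article: audit the process-creation
# limits that bound a fork bomb and flag a process storm in a ps snapshot.
# /proc/sys/kernel/* and /sys/fs/cgroup are real Linux interfaces; the
# thresholds and the sample snapshot below are assumptions for illustration.

# Keep only a finite numeric limit; "unlimited", "max", "n/a" or "" become "".
finite_limit() {
    case "$1" in
        ""|*[!0-9]*) echo "" ;;
        *) echo "$1" ;;
    esac
}

# Smallest finite value among the limits passed as arguments, or "unbounded"
# if none is finite. The tightest control is the one that actually stops a
# bomb: a generous ulimit -u is irrelevant if the cgroup's pids.max is 512.
effective_ceiling() {
    best=""
    for v in "$@"; do
        v=$(finite_limit "$v")
        [ -z "$v" ] && continue
        if [ -z "$best" ] || [ "$v" -lt "$best" ]; then
            best=$v
        fi
    done
    echo "${best:-unbounded}"
}

# Succeeds (exit 0) only if a per-user process limit is finite and <= $2.
nproc_limit_ok() {
    v=$(finite_limit "$1")
    [ -n "$v" ] && [ "$v" -le "$2" ]
}

read_or_na() { cat "$1" 2>/dev/null || echo n/a; }

# pids.max of the cgroup (v2) this shell runs in, or n/a when not available.
own_cgroup_pids_max() {
    cg=$(sed -n 's/^0::\(.*\)$/\1/p' /proc/self/cgroup 2>/dev/null)
    [ -n "$cg" ] && read_or_na "/sys/fs/cgroup$cg/pids.max" || echo n/a
}

# Print the live controls and which one binds; 4096 is an assumed policy.
show_live_limits() {
    u=$(ulimit -u 2>/dev/null || echo n/a)
    p=$(read_or_na /proc/sys/kernel/pid_max)
    t=$(read_or_na /proc/sys/kernel/threads-max)
    c=$(own_cgroup_pids_max)
    echo "ulimit -u (RLIMIT_NPROC): $u"
    echo "kernel.pid_max:           $p"
    echo "kernel.threads-max:       $t"
    echo "cgroup pids.max:          $c"
    echo "binding ceiling:          $(effective_ceiling "$u" "$p" "$t" "$c")"
    echo "per-user limit <= 4096:   $(nproc_limit_ok "$u" 4096 && echo yes || echo no)"
}

# Detection heuristic: count processes per user in a snapshot shaped like
# `ps -eo user,pid,ppid,comm --no-headers` and print the users exceeding $1.
# A real monitor samples this every few seconds and alerts on the growth
# rate, not only the level, since a bomb doubles the count each generation.
flag_process_storm() {
    awk -v max="$1" '{ n[$1]++ } END { for (u in n) if (n[u] > max) print u }' | sort
}

# Constructed sample snapshot (assumption, not real data): bob has three
# ordinary processes; alice has eight copies of one script forking each
# other, the characteristic tree of a bomb in its first few generations.
SAMPLE_PS='root 1 0 systemd
bob 200 1 bash
bob 201 200 vim
bob 202 1 sshd
alice 300 1 bash
alice 301 300 bomb.sh
alice 302 301 bomb.sh
alice 303 301 bomb.sh
alice 304 302 bomb.sh
alice 305 302 bomb.sh
alice 306 303 bomb.sh
alice 307 303 bomb.sh'

storm_users_in_sample() {
    printf '%s\n' "$SAMPLE_PS" | flag_process_storm "$1"
}

show_live_limits
echo "users over 5 processes in sample: $(storm_users_in_sample 5)"
# On a live host: ps -eo user,pid,ppid,comm --no-headers | flag_process_storm 200
```

The threshold passed to flag_process_storm has to be tuned per host: a build server legitimately runs hundreds of compiler processes under one user, so the alert should be raised on the process count climbing sharply between two samples rather than on a fixed level alone.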