What is a Fork Bomb Attack?

Dawodu Michael
6 min read, Jul 11, 2022


Introduction

A fork bomb attack is the most popular variant of the infamous rabbit virus, or wabbit, as it is commonly called. The rabbit virus was aptly named for how fast and how prolifically rabbits reproduce. It is a type of denial-of-service (DoS) attack in which a process persistently reproduces itself to drain the available system resources, slowing the operating system to a crawl until it eventually crashes due to resource starvation.

A DoS attack is one of a family of attacks that crash a computer or render it inaccessible or inoperable by flooding it with bogus requests, commands, or operations beyond its processing capacity, so that it cannot carry out legitimate tasks or respond to genuine requests.

To understand the relationship between a fork bomb and a DoS attack, you need to know what a DoS attack is about. Discover more about DoS attacks here.

For DoS attacks such as fork bombs to work, they depend on the computer’s willingness to keep accepting requests and carrying out operations. This guide explains the fork bomb command and how to mitigate a fork bomb attack, but first, let’s answer the question, “what is a fork bomb?”

What is a fork bomb attack?

A fork bomb attack, also known as the rabbit virus, is a DoS attack that, unlike many DoS attacks, does not come from outside but from inside, using an operation that is already running: it duplicates that running command or operation as many times as possible until the processor can no longer carry out any other work. For a better understanding, imagine opening a tab in your browser and playing a video, say on YouTube, at the highest quality, then opening more and more tabs playing the same video on loop. Sooner or later that computer’s processor is bound to be overworked, rendering the machine unresponsive or even crashing it. That is how a fork bomb attack works.

It typically abuses the computer’s OS by handing it a command that defines a function which calls itself recursively, and this process continues in an endless cycle. Since each generation spawns twice as many copies as the one before, the total memory demand doubles with every round and the system’s usable RAM is steadily drained. Once the system has no RAM left to allocate to new processes, the entire machine slows down until it comes to a halt.

Fork bomb attack command


:(){ :|:& };:

This is a simple bash function, yet a very destructive program, as it launches a bash fork bomb; it works on Linux (and other Unix-like) systems running the Bourne Again Shell, or Bash. The attack does not rely on a bug in Bash itself: it abuses ordinary shell features (function definition, pipes and background jobs) on a system that places no limit on how many processes one user may create.

  • “:()” defines a shell function named “:”.
  • “{ … }” holds the body of the function, the commands it runs when called.
  • “:|:&” calls the function and pipes its output into a second call of the same function, so each call spawns two more; the trailing “&” puts the pipeline in the background, so the call returns immediately while its children keep multiplying. This is what makes it recursive.
  • “;” ends the function definition and separates it from the command on the right, so that the definition and the first call are two separate statements that cannot be ended with one terminating command.
  • The final “:” calls the newly defined function for the first time, starting the cycle that leads to the infinite loop.

This fork bomb command is written so that every copy is a separate process that has to be individually identified before it can be stopped, which makes it very hard to end the forking once it is under way, especially as the computer is slowing down at the same time. The forking creates new processes so rapidly that, in practice, it cannot be stopped once it is in motion.

The command given to a system during a fork bomb attack doesn’t do anything useful, which is the entire point of a DoS attack: it floods your computer or server with unproductive commands so that it cannot take any productive commands from the user.

How does a fork bomb attack work?

  • A fork bomb, true to its name, starts with an initial function, the “parent” function, which duplicates itself to form a branch of numerous identical “child” functions, from which more duplicates are produced, leading to an endless reproduction of child processes until the device’s operating system is spent. Its RAM is completely depleted, causing the device to slow down and reject any commands from users to carry out actual work.
  • A bash fork bomb begins with a command sent to the computer’s OS that starts an operation set to create duplicates of itself continuously. Since every duplicate carries the same code as the parent function, each is also set to make duplicates of itself, leading to an endless production of child functions that all run on the computer’s processor and eventually crash it.
  • A crashed computer or server is no fun, and it is worse when the crash leads to loss of saved data or of the entire machine: not every computer comes back after a crash, and recovery usually requires a hard restart, which can result in data loss. Like many other DoS attacks, a fork bomb attack aims to make a device unusable, and it often leads to loss of data or a data breach. It is practically impossible to stop a fork bomb attack while it is running, because the device devotes all its processing power to the most demanding task, which will be the endlessly self-replicating operation, leaving the user unable to run a program that would kill the forking process. The only real option is to have shell fork bomb protection in place that protects your data and device before the attack happens.

How do you mitigate the effects of a fork bomb attack?

  1. Mitigating or lessening the effect of a fork bomb attack can be achieved by saving data to the cloud so that it can be retrieved once the device reboots, but given how bad it is to even go through the nightmarish experience of having your computer attacked while you are helpless, the smarter option is to fortify your device against such attacks before they happen.
  2. One way is to limit the memory, or the number of processes, that a single process or user may consume. This is done differently on the various operating systems, but it is a simple procedure; if a process demands more than the limit you set, you can be fairly sure it is a runaway fork and can eliminate it immediately.
  3. Another way to prevent a fork bomb attack is “vulnerability management”. This is the process of spotting a weak spot in a device’s operating system and upgrading it to patch that weak spot; it is a continuous process, as attackers develop new ways to get through a device’s security every day, creating new vulnerabilities. A regular computer owner cannot carry out vulnerability management alone: you can either get a cybersecurity professional to run a vulnerability check on your device and patch it from time to time, or stay tuned to your device’s vendor and watch for updates they release for shell fork bomb protection, as they also run regular vulnerability checks and do their best to keep your device protected from attacks.
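As an added example that is not from the original article, the following shell script shows the checks a defender would run for mitigation step 2: whether a per-user process ceiling is in place (the limit that stops “:|:&” from forking without bound), and a small detector that counts processes per owner in ps-style output. The policy value, the sample ps lines and the function names are assumptions made for this example.

```shell
# Added example, not code from the original article. Two defensive checks against a
# fork bomb: (1) verify that a per-user process ceiling (ulimit -u, RLIMIT_NPROC) is
# in place, which is what stops ":|:&" from forking without bound; (2) spot a runaway
# user by counting processes per owner in ps-style output. The policy value, sample
# lines and function names are assumptions made for this example.
MAX_PROCS_PER_USER=${MAX_PROCS_PER_USER:-1000}

# Soft process ceiling of the current shell; prints "unlimited" when none is set.
current_nproc_limit() { ulimit -S -u; }

# Return 0 when ceiling $1 is numeric and no larger than policy value $2.
nproc_limit_ok() {
  local have=$1 want=$2
  [ "$have" != "unlimited" ] && [ "$have" -le "$want" ]
}

# Run "$@" in a subshell whose soft ceiling is lowered to $1, so a misbehaving job can
# exhaust only its own budget. Persistent equivalent (pam_limits,
# /etc/security/limits.conf):   alice  hard  nproc  1000
run_with_nproc_limit() {
  local cap=$1; shift
  ( ulimit -S -u "$cap" && "$@" )
}

# Read "user pid comm" lines (as from `ps -eo user=,pid=,comm=`) on stdin and print
# "<user> <count>" for the owner of the most processes.
busiest_user() {
  awk 'BEGIN { max = 0 } { n[$1]++ }
       END { for (u in n) if (n[u] > max) { max = n[u]; who = u } print who, max }'
}

# Print an ALERT line and return 0 when the busiest user exceeds threshold $1, else 1.
flag_runaway() {
  local lim=$1 who count
  set -- $(busiest_user)
  who=$1; count=${2:-0}
  [ "$count" -gt "$lim" ] || return 1
  echo "ALERT: $who owns $count processes (threshold $lim)"
}

# Constructed ps-style sample: bob owns four shells, everyone else one process.
SAMPLE_PS='root 1 systemd
alice 1200 bash
bob 1300 bash
bob 1301 bash
bob 1302 bash
bob 1303 bash'

# Audit the current shell and the sample; WARNING appears when no ceiling <= policy is set.
nproc_limit_ok "$(current_nproc_limit)" "$MAX_PROCS_PER_USER" \
  || echo "WARNING: process ceiling is $(current_nproc_limit), policy is $MAX_PROCS_PER_USER"
printf '%s\n' "$SAMPLE_PS" | flag_runaway 3 || echo "no runaway user in sample"
```

On a live host, feed `ps -eo user=,pid=,comm=` into flag_runaway from a cron job or monitoring agent; the per-user ceiling is the control that keeps the shell function on this page from taking the whole machine down.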

Conclusion

The fork bomb attack is simple yet destructive, making it an easy go-to in any hacker’s arsenal. Understanding how the fork bomb command works reveals many fundamental concepts of modern operating systems and computer programming. Even if you never intend to use a fork bomb, knowing how it works and how to prepare against it will help you keep your device safer for longer.
