• Identity 101
  • What Is a Fork Bomb? Definition, Code, Prevention & Removal

What Is a Fork Bomb? Definition, Code, Prevention & Removal

Updated: 08/30/2024 - 7:29
Time to read: 3 minutes

A fork bomb is a denial-of-service attack. A tiny piece of code causes a process to replicate, and each time, the new instance of the program further depletes available system resources. When the attack pushes a server to the limit, it crashes. 

Fork bombs aren't new. One of the very first instances of these attacks happened back in 1969. But sometimes, old threats work just as well as new ones in taking systems offline.

How does a fork bomb work? 

Imagine opening hundreds or even thousands of instances of a process on your computer. The fan would whir, performance would lag, and eventually, your device would crash. A fork bomb works in much the same way.

Fork-bomb code creates a copy of a program. Once the new instance is running, the fork happens again. This process can happen indefinitely or until it exhausts all available memory. A denial-of-service attack like this can be devastating.

fork bomb image

Implementing fork bombs is relatively easy for an experienced hacker. We won’t go into detail here (since we don’t want to give anyone the wrong idea), but often, just a tiny bit of code is required.

Can You Prevent a Fork Bomb?

You can't sit over the shoulder of every developer and keep them from including code that could harm you. But you can do two important things to ensure that a fork bomb is less likely to take your system down.

Start by limiting the maximum number of processes a single user can own. This is a remarkably easy task in Linux. If you keep your users from owning more than a handful of processes, they can't get an attack like this off the ground.

You can also limit memory use per process. If a process needs more than the limit you've set, you're likely dealing with a duplication, and you can deny execution right away. This simple step can also keep a fork bomb from depleting server capacity.

If an attacker hits you with a fork bomb, you will need to reset your server. And unfortunately, you'll need to remove every instance of the code to make the attack stop.

If you're looking for even more ways to protect yourself in a Linux environment, consider our white paper about enforcing least-privilege access for Linux servers. And don't be afraid to reach out to Okta if you have questions.

References

Understanding Bash Fork Bomb Code. (January 2019). NixCraft. 

Security Against Fork Bomb Attack in Linux-Based Systems. (April 2019). International Journal of Research in Advent Technology.

You Might Also Like

Rooted Devices: Definition, Benefits & Security Risks

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.

Learn more

What Is Public Key Infrastructure (PKI) and How Does It Work?

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.

Learn more

WFH Cybersecurity Guide for Employers and Employees

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.

Learn more

What Is a DNS PTR Record & What Is It Used For?

A pointer (PTR) record resolves an IP address (made up of numbers and decimals) into a domain name.

Learn more