Boooombs Away!

It’s one of the iconic end scenes from 1995 film Hackers, where everyone bands together and attacks the Gibson from all over the world. Interestingly enough, while a Gibson in the film is a term for the supercomputer attacked, in reality it was a tribute to William Gibson’s work as a Cyberpunk author. This same mantra follows attacks given all sorts of colorful names like: ‘Rabbit’ and ‘cookie monster’, but there are more tributes to history here that I knew little about until I decided to research more about the fork bombs we comically joke about so much within the community.

In 1969, there was a reported hack at the University of Washington labeled RABBITS; which was a program that made two copies of itself, crashing a system when it ran and this happens to also be the fork bomb and works recursively to eat up memory.

A screenshot of characters from the 1995 film Hackers

In Linux/Unix, a fork is a system call used for creating child processes from its parent; whereas both can carry out various tasks simultaneously. The fork() is the parent, and both parent/child execute instructions on following the call (it returns a few integer values but takes no parameters).. Windows is a bit different when it comes to the functionality of this particular syscall, so a new process is made instead of forking from an existing one.

Fork bombs are considered Denial-of-Service attacks, because self-replicating child processes eat up resources and prevent the creation of new ones, which lock a system up. There are a few simple ways to stop this from happening however, which I’ll cover in a little bit.

The most commonly seen fork bomb example is the following:
:(){ :|:& };:

:() Defines a function named : while {} encloses commands functions run
:|: Runs a command recursively using output piped to another version
& Runs the command in the background and ; separates the function to the left.

There are plenty of fork bomb examples in different languages that can be found here: https://github.com/aaronryank/fork-bomb

To finish up, there are quite a few fixes you can implement, but the easiest is to simply use the ulimit command to set the maximum amount of processes that can be run.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store