Learn Fork Bomb

 josh
(@josh)

A Fork Bomb is a classic example of a denial-of-service (DoS) attack at the operating system level. It’s simple, sneaky, and surprisingly powerful.


🧨 What Is a Fork Bomb?

A Fork Bomb is a malicious or mischievous program that repeatedly replicates itself to exhaust system resources—especially CPU and memory—until the system becomes unresponsive or crashes.

It’s called a “fork bomb” because it abuses the fork() system call, which is used in Unix-like operating systems to create new processes.


🧠 How It Works

Here’s the basic idea:

  1. Forking Frenzy:

    • The program starts by creating a copy of itself using fork().
    • Each copy then creates more copies.
    • This process continues exponentially.
  2. Resource Exhaustion:

    • The system quickly runs out of process table entries, CPU cycles, and RAM.
    • Legitimate processes can’t run, and the system may freeze or crash.
  3. No Destruction, Just Overload:

    • A fork bomb doesn’t delete files or corrupt data.
    • It simply overwhelms the system.

🧪 Example in Bash (Linux)

Here’s a famous one-liner fork bomb:

:(){ :|:& };:

Breakdown:

  • :() defines a function named :.
  • { :|:& } is the function body: it calls the function twice (: piped into :) and runs the pipeline in the background (&).
  • ; ends the function definition.
  • : calls the function, starting the bomb.

🛡️ How to Prevent It

  • Limit User Processes:

    • Use ulimit in Linux to restrict the number of processes a user can spawn.
    • Example: ulimit -u 100 limits a user to 100 processes.
  • Use cgroups:

    • Control Groups (cgroups) can isolate and limit resource usage per user or process group.
  • Monitor and Alert:

    • Use system monitoring tools to detect unusual spikes in process creation.

⚠️ Why It’s Dangerous

| Risk | Description |
|------|-------------|
| System Freeze | Can make the OS completely unresponsive. |
| No Root Needed | Often executable by regular users. |
| Hard to Kill | Too many processes make manual recovery tough. |

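The "Monitor and Alert" step above can be sketched as a per-user process count checked against the same cap used with ulimit. This is an added example, not part of the original post: the function names, the 80% warning threshold and the sample snapshot are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag users whose process count
# is close to a per-user cap such as the `ulimit -u 100` mentioned above.
# Input rows have the shape printed by `ps -eo user=,pid=,ppid=,comm=`.

# Constructed snapshot, not captured from a real host.
sample_snapshot() {
  cat <<'EOF'
root       1     0 systemd
root     412     1 sshd
alice   2001   412 bash
alice   2040  2001 vim
bob     3001   412 bash
EOF
  # Constructed burst: 120 more bash processes owned by bob, each parented
  # by an earlier one, the shape a self-replicating shell function leaves.
  i=0
  while [ "$i" -lt 120 ]; do
    if [ "$i" -eq 0 ]; then parent=3001; else parent=$((4000 + (i - 1) / 2)); fi
    echo "bob $((4000 + i)) $parent bash"
    i=$((i + 1))
  done
}

# flag_process_spikes LIMIT [PCT]  (hypothetical helper name)
# Prints "user total top_command top_count" for each user whose process
# count is at or above PCT percent (assumed default: 80) of LIMIT.
flag_process_spikes() {
  awk -v limit="$1" -v pct="${2:-80}" '
    NF >= 4 {
      total[$1]++
      n = ++cmd[$1 SUBSEP $4]
      if (n > best[$1]) { best[$1] = n; top[$1] = $4 }
    }
    END {
      for (u in total)
        if (total[u] * 100 >= limit * pct)
          print u, total[u], top[u], best[u]
    }' | sort
}

# Live use: ps -eo user=,pid=,ppid=,comm= | flag_process_spikes 100
sample_snapshot | flag_process_spikes 100   # prints: bob 121 bash 121
```

A single command name accounting for nearly all of a user's processes, as in the flagged row, is the pattern to alert on; pass the limit as a number, since `ulimit -u` can report `unlimited`.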