fork bomb attack
Thomas Hille
thomas.hille at nightsabers.org
Sat Mar 19 14:13:47 UTC 2005
On Saturday, 19.03.2005, at 12:37 +0000, Rui Miguel Seabra wrote:
> On Fri, 2005-03-18 at 21:23 -0700, Tyler Larson wrote:
> > Fork bombs have always been of little concern to admins. They do
> > relatively little damage and are completely traceable. The perpetrator
> > does little more than land himself in a lot of hot water. In most cases,
> > the threat of disciplinary action is enough protection--it's not an
> > attack that can be launched anonymously.
>
> They are definitely not of little concern. A fork bomb on the DNS server
> launched through some other bug would cause some interesting harm.
Sorry, but an admin that allows users to log into a DNS server is either
stupid or ignorant. And if somebody were able to log into it via a
bug, you should first fix that bug, since there are other more efficient
ways to "get rid" of the DNS server (like overloading the network
interface with traffic).
> > In the extremely rare case where fork bomb protection is a big enough
> > concern to warrant reducing the process limits, the administrator can
> > impose whatever ulimit he wants. However, this is the exception rather
> > than the rule.
>
> Yes. But I don't envisage a user of Fedora with 16k processes, do you?
>
> I agree that the limit is insanely high.
16k is high, but definitely not insanely so. On an SMP webserver the
"apache" user has no problem starting 1k to 2k processes. And having
read a recent review in one of Germany's IT magazines about Delta's new
8-way Opteron with 64GB main memory and up to 4 gigabit network
connections, I don't think 16k processes is impossible. It simply
depends on what the machine does and what resources the machine has.
(BTW the 8-way machine comes with Linux preloaded.)
-Thomas