Fork bombing a Linux machine as a non-root user
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon Mar 21 16:42:49 UTC 2005
Felipe Alfaro Solana wrote:
> I agree... a fork-bomb is a local attack, which is far more powerful
> than remote attacks, although fork-bomb can only deny service. Once an
> attacker gets local access to your machine, you're in a very bad
> position. On point of defense-in-depth is to keep bad guys from gaining
> local access.
The fork bomb belongs to "resource attacks". There are other (just as
efficient) attacks in this category. I showed variation that attacks
the combination of virtual memory and disk access (actaully it is
attacking disk access, since it really doesn't consume any virtual
memory). The fork bomb is hard to perform remotely. The other attack I
described (from same category as fork bomb) is possible to perform
remotely, if there is exploitable application on the system that you can
force into making the system to start swapping aggressivly.
So "fork bomb is local attack" is no excuse for system not being able to
defend itself from resouces attacks (which is where specific attack
called "fork bomb" belongs).
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the fedora-list
mailing list