Skip to main content


Home Fork bomb

Fork bomb

(also rabbit virus)

Fork bomb definition

A fork bomb is a type of denial-of-service (DoS) attack that involves overloading systems by continuously using fork system calls until the systems slow down or become unresponsive. By overloading a system with a fork bomb, attackers aim to render it inoperable and unable to respond to any more inputs. At the end of a fork bomb attack, the targeted system shuts down completely.

Fork bombs can sometimes be self-inflicted because they use internal commands rather than using external resources to flood a network. The internal commands take up all of the system’s resources because there are too many and block programs that legitimate users are trying to run on it. So, they prevent the users from doing their jobs.

A fork bomb can lock an entire system and overwhelm a network to the extent that it completely crashes. The crash lasts until the network or system is restarted. However, to restart a system that was attacked with a fork bomb, users need to do a hard reboot, which can result in data loss. Individuals and organizations using Windows operating systems are not vulnerable to traditional fork bomb attacks. However, those who use any type of Linux, Unix, and Unix-based operating systems are.

See also: flooding, hard reboot

Fork bomb prevention

  • Limiting the max number of processes that a single user can create.
  • Setting system-wide process limits.
  • Limiting the max amount of memory that can be used for one process.
  • Keeping the system software up to date with the latest security patches and updates.
  • Deploying intrusion detection and prevention systems (IDPS) that can detect and block abnormal or malicious behavior indicative of fork bomb attacks.