Archive for the tag 'Bombing. attack'

SBDavid

How to Prevent Fork Bombing attack

How to Prevent Fork Bombing attack

Linux has provided various resource limits for each user, such as user limit (ulimit) for CPU time, number of processes (nproc), memory usage etc. ulimit is the solution to prevent fork bombing attack. It defines maximum number of processes allowed (ulimit –u) for each user.

There are two types of ulimit. One is HARD limit and the other is SOFT Limit. Non root
user cannot change the hard limit by executing commands like ulimit –u value.

Root user on remote server or Host needs to set the ulimit to prevent fork bombing attack. ulimit are set in /etc/security/limits.conf file. To set ulimit for number of processes, option provided is nproc. Hard and soft limit need to be set for that.

For example:

@root nproc hard 5000
@root nproc soft 4000
@buddy nproc hard 2000
@buddy nproc soft 1000