fork bomb attack

[Florin Andrei]

http://www.securityfocus.com/columnists/308?ref=rssdebia

Quotes:
"I wrote up a very simple bourne shell script on my work machine, which
runs Mandrake Linux, and executed it under my non-privileged account.
Within seconds, the machine was brought to its knees -- totally crippled
and unusable. I stared at my screen in disbelief for a few moments,
totally stunned with what had just happened."
"I then proceeded to fork bomb every Unix machine I could get my hands
on. My FreeBSD server at home shrugged it off (even after inviting other
connected users to try), as did my OpenBSD gateway. This, too, is
exactly what I expected to happen."
"Next, I asked several my associates who use Linux to try it out on
their machines, and we didn't have to go far to find more Linux
distributions that succumbed to the same painfully effective fork bomb
attack. Both Gentoo and Red Hat followed in the footsteps of Mandrake,
and each died quicker than you can say "unreasonable default settings."
I'll quickly mention here that Debian did not suffer the same fate as
the others; congrats to the Debian development team."
"For the record, I hope that anyone out there running Linux is just as
surprised as I was that this ancient attack still works on the default
installation of so many high profile Linux distributions. I personally
don't understand how usability can supersede security when the
consequences are so grave."

-- 
Florin Andrei

http://florin.myip.org/