What is a Fork Bomb in Linux and how to stop it?

Created June 9, 2021


A fork bomb (also known as a rabbit virus) is a denial-of-service attack that consists of a process that constantly replicates itself to exhaust all available system resources, slowing down or crashing the system due to resource starvation.

What is a Fork Bomb in Linux and how to stop it?

Here's an example of the most popular fork bomb in Linux:

:(){ :|:& };:

NOTE: do not run this on your system as it would crash the system!

Rundown of all elements

Here's a quick rundown of all elements:

Stopping a fork bomb

If you have a multi-user system, the best way to protect it against such attacks is to limit the number of processes a user can have by using PAM for example.

If you are already logged into the system you could do the following to stop the fork bomb:

killall -STOP -u someuser


For more information about the history of the fork bomb and other examples I would recommend checking this Wikipedia page.