On 21 Mar 2005, at 17:42, Aleksandar Milivojevic wrote:
Felipe Alfaro Solana wrote:
I agree... a fork-bomb is a local attack, which is far more powerful than remote attacks, although a fork-bomb can only deny service. Once an attacker gets local access to your machine, you're in a very bad position. One point of defense-in-depth is to keep bad guys from gaining local access.
The fork bomb belongs to "resource attacks". There are other (just as efficient) attacks in this category. I showed a variation that attacks the combination of virtual memory and disk access (actually it is attacking disk access, since it really doesn't consume any virtual memory). The fork bomb is hard to perform remotely. The other attack I described (from the same category as the fork bomb) is possible to perform remotely, if there is an exploitable application on the system that you can force into making the system start swapping aggressively.
So "fork bomb is a local attack" is no excuse for a system not being able to defend itself from resource attacks (which is where the specific attack called "fork bomb" belongs).
I agree... and that's why I usually run Bastille Linux on all my machines (one of the things Bastille can do is impose some limits on system resource usage).