I tried the fork bomb code :
:(){:|:&};:
and closed the PuTTy. Now it is not accepting the new connections(Denial of Service attack).
How can I recover from that ?
Asked
Active
Viewed 5,083 times
4 Answers
6
You might need to hard reboot the computer.
Assuming you have console access, you might try to get the process group ID (PGID) and kill that with :
kill -- -PGID
Or use SIGKILL instead of SIGTERM :
kill -9 -- -PGID
but it might not be possible to get the PGID practically as the system might be already occupied by the forked processes creating a deadlock.
This deadlock can happen when you don't have a sufficient limit on the number of processes a user or group can own, so it's better to set a lower limit before trying something destructive like a fork-bomb.
-
-
1
-
2that's my first upvote for a "reboot answer" and I hope, it's the last one =) – A.B. Aug 25 '15 at 10:08
-
-
@heemayl is there any chance if I am using it on Virtual box ? Is there any way out ? – Paresh Aug 25 '15 at 10:10
-
-
-
@PareshZawar Great..now try
ps -eo pid,ppid,pgid,cmd | grep ':'and check whats the output..you would get the PID,PPID and PGID of:.. – heemayl Aug 25 '15 at 10:16 -
-
-
-
@PareshZawar yes..there is..but you should try
REISUBsequence..read this https://en.wikipedia.org/wiki/Magic_SysRq_key – heemayl Aug 25 '15 at 10:48 -
REISUBis actuallySUB(or possiblySUO) only, depends on the binary digits defined by the setting in/etc/sysctl.d/10-magic-sysrq.conf- ref: http://askubuntu.com/a/334292/289138 – Hannu Aug 25 '15 at 11:14
5
You have used the classic "fork bomb" to use up all of your system's processes, and now your cannot get the system to run a process to help you (and all commands, programs, etc. require a process to run "in"). Any intervention will have to come from outside the system (e.g.,reset the VM, cycle the power, CtrlAltDelete). Did you not understand what then code says?
:(){:|:&};:
:()
Define a shell function, called ":".
{
Begin the definition of the function, which is:
:
Call the ":" function.
|
Pipe the output of ":"
:
to another call to ":"
&
Fork a process to put the pipeline (:|:) in the background.
}
End of definition of the function ":"
;
End of the shell statement defining the ":" function
:
Call the ":" function to begin.
If you run code without understanding it, you accept the results of the code.
waltinator
- 36,399
-
While an explanation of what the code does is interesting, it doesn't quite explain how to stop it, which is what the question asks. Could you perhaps expand on that outside intervention sentence? – 8bittree Aug 26 '15 at 01:01
-
3@8bittree: I did. "(e.g.,reset the VM, cycle the power, CtrlAltDelete)" – waltinator Sep 28 '15 at 22:57
1
According to this it should in theory be possible to use Alt+SysRq+f to get rid of fork bombs — although, again, probably only possible if the kernel is capable of allocating enough memory to kill it.
realkstrawn93
- 171
0
If you can't connect again, you do not have a chance. Maybe you can wait for an out of memory error
If you can connect, try the command below
pkill -f :
And as you said in your comments
I am running it in Virtual box
Reset the machine via VirtualBox.
while (sleep 100 &) do; done(I didn't test it so I won't post it as an answer, but it might still be relevant) – Aserre Aug 26 '15 at 07:55