What is a docker fork bomb? πŸ³β‘‚πŸ’£

somehow this is still a thing in docker, after more than 7 years

Ion Utale
2 min readOct 1, 2023

A Docker fork bomb is a type of Denial-of-Service (DoS) attack that exploits the ability of Docker containers to be easily forked. The attacker creates a Docker container that runs a script that forks itself repeatedly. This quickly creates a large number of processes, which can consume all of the available CPU and memory resources of the host system, making it unavailable to other users.

Docker fork bombs can be used to attack both individual Docker hosts and Docker clusters. To attack an individual Docker host, the attacker can simply create and run a Docker container that contains the fork bomb script. To attack a Docker cluster, the attacker can create multiple Docker containers that contain the fork bomb script and deploy them to different nodes in the cluster.

Imagine docker fork bomb with the log4j

There are a number of ways to defend against Docker fork bombs. One is to limit the number of processes that a Docker container can run. Another is to use a resource manager to monitor the CPU and memory usage of Docker containers and kill any containers that are consuming too many resources. Finally, it is important to keep Docker software up to date, as many vulnerabilities have been patched in recent…

--

--

Ion Utale
Ion Utale

No responses yet