http://www.securityfocus.com/columnists/308?ref=rssdebia

Quotes:

"I wrote up a very simple bourne shell script on my work machine, which runs Mandrake Linux, and executed it under my non-privileged account. Within seconds, the machine was brought to its knees -- totally crippled and unusable. I stared at my screen in disbelief for a few moments, totally stunned with what had just happened."

"I then proceeded to fork bomb every Unix machine I could get my hands on. My FreeBSD server at home shrugged it off (even after inviting other connected users to try), as did my OpenBSD gateway. This, too, is exactly what I expected to happen."

"Next, I asked several of my associates who use Linux to try it out on their machines, and we didn't have to go far to find more Linux distributions that succumbed to the same painfully effective fork bomb attack. Both Gentoo and Red Hat followed in the footsteps of Mandrake, and each died quicker than you can say "unreasonable default settings." I'll quickly mention here that Debian did not suffer the same fate as the others; congrats to the Debian development team."

"For the record, I hope that anyone out there running Linux is just as surprised as I was that this ancient attack still works on the default installation of so many high profile Linux distributions. I personally don't understand how usability can supersede security when the consequences are so grave."

--
Florin Andrei
http://florin.myip.org/