It can be used:
- before, during and after a real attack, to bury any IDS by flooding it with false positives.
- to mess with an IDS analyst and keep the CIRT busy with investigations.
- to test the effectiveness of an IDS/IPS. (Fewer alerts mean a better product; more alerts mean a horrible product.)
Inundator is part of BackTrack. However, if you prefer to add it manually:
- Add the repository to /etc/apt/sources.list:
deb http://inundator.sourceforge.net/repo/ all/
- Then download and install the GPG key:
wget http://inundator.sourceforge.net/inundator.asc
apt-key add inundator.asc
- Then you can automatically pull in Inundator and all its dependencies:
aptitude update
aptitude install inundator