Thursday, July 22, 2010

False Positive Generator - inundator

Inundator is a multi-threaded, queue-driven, anonymous intrusion detection false positive generator with support for multiple targets.

It can be used:

  • before, during or after a real attack, to bury the real alerts by flooding the IDS with false positives.
  • to mislead an IDS analyst and keep the CIRT busy investigating bogus alerts.
  • to test the effectiveness of an IDS/IPS (fewer alerts mean a better product; more alerts mean a horrible product).
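On the defending side, the practical question is how an analyst separates a flood like the one described above from the alerts that still matter. The following is an added example, not code from the original post or from the inundator project: it parses Snort "fast"-format alert lines (a constructed sample is embedded), flags sources that exceed an alert-rate threshold while cycling through many distinct signatures in a short window (thresholds and the distinct-signature test are my assumptions), and returns the alerts that remain once those sources are set aside.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Snort "fast"-format alert lines (not real traffic): one source trips
# five different signatures within three seconds; the lone alert from 10.0.0.9 is
# the one the analyst must not lose in the noise.
SAMPLE_ALERTS = """\
07/22-10:15:01.000001  [**] [1:1000001:1] SIG A [**] [Priority: 3] {TCP} 10.0.0.5:40001 -> 192.168.1.10:80
07/22-10:15:01.500001  [**] [1:1000002:1] SIG B [**] [Priority: 3] {TCP} 10.0.0.5:40002 -> 192.168.1.10:80
07/22-10:15:02.000001  [**] [1:1000003:1] SIG C [**] [Priority: 3] {TCP} 10.0.0.5:40003 -> 192.168.1.10:80
07/22-10:15:02.700001  [**] [1:1000007:1] SIG G [**] [Priority: 1] {TCP} 10.0.0.9:51000 -> 192.168.1.10:22
07/22-10:15:03.000001  [**] [1:1000004:1] SIG D [**] [Priority: 3] {TCP} 10.0.0.5:40004 -> 192.168.1.10:80
07/22-10:15:03.500001  [**] [1:1000005:1] SIG E [**] [Priority: 3] {TCP} 10.0.0.5:40005 -> 192.168.1.10:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+.*?"
    r"\{\w+\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+$"
)

def parse_alerts(text):
    """Yield (timestamp, sid, src, dst) per well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%m/%d-%H:%M:%S"), m["sid"], m["src"], m["dst"]

def find_alert_floods(text, window_s=10, max_alerts=4, min_distinct_sids=3):
    """Return {src: peak_count} for sources firing more than max_alerts in any
    window_s-second window across at least min_distinct_sids signatures.
    The distinct-signature test is my heuristic (assumption): a generator that
    replays rule content cycles through many signatures, one real exploit rarely does."""
    per_src = defaultdict(list)
    for ts, sid, src, _dst in parse_alerts(text):
        per_src[src].append((ts, sid))
    floods = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1  # slide the window start forward
            window = events[start:end + 1]
            if len(window) > max_alerts and len({s for _, s in window}) >= min_distinct_sids:
                floods[src] = max(floods.get(src, 0), len(window))
    return floods

def alerts_outside_floods(text, floods):
    """Alerts from sources not flagged as flooding: the set to triage first."""
    return [a for a in parse_alerts(text) if a[2] not in floods]
```

Setting a flooding source aside is a triage aid only; its traffic still needs a look afterwards, since the flood may be cover for a real attack from the same host.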
Inundator is part of BackTrack. However, if you prefer to add it to your own system manually:
  • Add the repository to /etc/apt/sources.list:
deb all/

  • Then download and install the GPG key:
apt-key add inundator.asc

  • Then you can automatically pull in Inundator and all its dependencies:

aptitude update
aptitude install inundator