Thursday, July 22, 2010

False Positive Generator - inundator

Inundator is a multi-threaded, queue-driven, anonymous intrusion detection false positive generator with support for multiple targets.

It can be used:

  • before, during and after a real attack, to bury any IDS by flooding it with false-positive alerts.
  • to mess with an IDS analyst and keep the CIRT busy investigating.
  • to test the effectiveness of an IDS/IPS (fewer alerts mean a better product; more alerts mean a horrible product).
Inundator is part of BackTrack. However, if you prefer to add it to your system manually:
  • Add the repository to /etc/apt/sources.list:
deb http://inundator.sourceforge.net/repo/ all/

  • Then download and install the GPG key:
wget http://inundator.sourceforge.net/inundator.asc
apt-key add inundator.asc

  • Then you can automatically pull in Inundator and all its dependencies:

aptitude update
aptitude install inundator
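Inundator's first use case above is burying real alerts under a flood of unrelated ones. As an added defensive example, not part of the original post or of the Inundator project, the Python below sweeps a Snort "fast" alert log and flags any source that fires both many alerts and many distinct signatures inside one window, the shape of a generator rather than of a single exploit attempt; the thresholds, the 2010 year parameter and the sample alert lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches Snort "fast" alert lines such as:
# 07/22-10:00:00.000100  [**] [1:2003:8] MSG [**] [Priority: 2] {TCP} 10.0.0.5:4000 -> 192.0.2.10:80
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

def parse_alert(line, year=2010):
    """Parse one fast-alert line (the year is not in the line, so it is a parameter)."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {"ts": ts, "sid": m["sid"], "msg": m["msg"], "src": m["src"], "dst": m["dst"]}

def find_flood_sources(lines, window_s=60, min_alerts=50, min_sigs=10):
    """Bucket alerts per source into fixed windows; return {src: (alerts, distinct_sigs)}
    for sources that trip many alerts AND many different rules in one window."""
    per_src = defaultdict(lambda: defaultdict(list))
    for line in lines:
        a = parse_alert(line)
        if a is None:  # skip unparseable lines rather than abort the sweep
            continue
        win = int((a["ts"] - datetime(a["ts"].year, 1, 1)).total_seconds()) // window_s
        per_src[a["src"]][win].append(a["sid"])
    flagged = {}
    for src, windows in per_src.items():
        for sids in windows.values():
            if len(sids) >= min_alerts and len(set(sids)) >= min_sigs:
                flagged[src] = (len(sids), len(set(sids)))
    return flagged

def constructed_alerts():
    """Constructed sample log (not real traffic): one noisy source cycling through 20
    signatures at 2 alerts/s, one quiet source tripping a single rule three times."""
    t0 = datetime(2010, 7, 22, 10, 0, 0)
    fmt = "{ts}  [**] [1:{n}:1] FAKE sig {n} [**] [Priority: 3] {{TCP}} {src}:4000 -> 192.0.2.10:80"
    lines = []
    for i in range(60):
        ts = (t0 + timedelta(milliseconds=500 * i)).strftime("%m/%d-%H:%M:%S.%f")
        lines.append(fmt.format(ts=ts, n=1000 + i % 20, src="10.0.0.5"))
    for i in range(3):
        ts = (t0 + timedelta(seconds=10 * i)).strftime("%m/%d-%H:%M:%S.%f")
        lines.append(fmt.format(ts=ts, n=2003, src="10.0.0.9"))
    return lines
```

`find_flood_sources(constructed_alerts())` returns `{'10.0.0.5': (60, 20)}`: the noisy source is flagged and the quiet one, whose three hits on one rule look like a real probe, is left for normal triage.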