The general idea is one would launch inundator prior to starting an attack, allow it to run during the attack, and continue to run it a while longer after you’ve accomplished the attack. The goal, of course, is to generate an overwhelming number of false positives so that your real attack is essentially buried within the other alerts, minimizing the chance of your attack being detected. It could also be used to ruin an IDS analyst’s day, or keep an organization’s infosec department busy for a while.
Other Example Scenarios:
* Before, during, and after a real attack to bury any potential alerts among a flood of false positives.
* Seriously mess with an IDS analyst and keep an InfoSec department busy for days investigating false positives.
* Test the effectiveness of an intrusion detection or prevention system. Fewer alerts means a better product; more alerts means a horrible product.
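The flooding described above works only if the analyst is drowned in raw volume. As an added defender-side example (not code from this page or from the inundator project), the Python below parses Snort fast-format alerts, flags any minute whose volume reaches a threshold (a sudden flood is itself worth an alert), and collapses everything to unique (source, destination, signature) triples ranked by priority and rarity, so one real alert hidden inside the noise still surfaces as its own line. The regex, the threshold and the sample log are assumptions constructed for the example.

```python
import re
from collections import Counter

# Snort "fast" alert line (constructed pattern, not from the page):
ALERT_RE = re.compile(
    r"^(?P<minute>\d\d/\d\d-\d\d:\d\d):\d\d\.\d+\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

def parse_alerts(lines):
    """One dict per parseable alert; lines that do not match are skipped."""
    out = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["prio"] = int(d["prio"])
            out.append(d)
    return out

def triage(alerts, flood_threshold=50):
    """Flag flood minutes (volume >= threshold) and collapse alerts to unique
    (src, dst, sid) triples ranked by Snort priority (1 = worst) then rarity."""
    per_minute = Counter(a["minute"] for a in alerts)
    flood_minutes = {m for m, n in per_minute.items() if n >= flood_threshold}
    uniq = {}
    for a in alerts:
        key = (a["src"], a["dst"], a["sid"])
        rec = uniq.setdefault(key, {"prio": a["prio"], "msg": a["msg"], "count": 0, "in_flood": False})
        rec["count"] += 1
        rec["in_flood"] = rec["in_flood"] or a["minute"] in flood_minutes
    ranked = sorted(uniq.items(), key=lambda kv: (kv[1]["prio"], kv[1]["count"]))
    return flood_minutes, ranked

def constructed_log():
    """Constructed sample (not real traffic): 60 noise alerts in one minute plus one real one."""
    lines = [
        f"05/10-14:01:{i:02d}.000001  [**] [1:{1000000 + i % 20}:1] NOISE sig {i % 20} [**] "
        f"[Classification: Misc activity] [Priority: 3] {{TCP}} "
        f"10.0.0.{5 + i % 3}:{40000 + i} -> 192.168.1.10:80"
        for i in range(60)
    ]
    lines.append(
        "05/10-14:01:30.500000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
        "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
        "192.168.1.10:22 -> 172.16.0.9:51000"
    )
    return lines
```

Run `triage(parse_alerts(constructed_log()))` and the single priority-2 alert is the first ranked entry, with the flood minute reported separately.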
USE THIS TOOL FOR LEGAL PURPOSES ONLY!
Downloading and installing Inundator:
The preferred method of installation for Debian-based (.deb) distributions is via the software repository. This is by far the best and simplest way of installing Inundator and its dependencies.
Add the repository to /etc/apt/sources.list:
deb http://inundator.sourceforge.net/repo/ all/
Next, download and install the project's GPG key:
wget http://inundator.sourceforge.net/inundator.asc
apt-key add inundator.asc
Note that both the repository and the key are served over plain HTTP, so the downloaded key should be checked against a fingerprint obtained out of band before it is added; on current Debian and Ubuntu releases apt-key is deprecated in favour of placing keys under /etc/apt/trusted.gpg.d/ or referencing them with Signed-By.
Then you can automatically pull in Inundator and all its dependencies:
aptitude update
aptitude install inundator