Saturday, July 3, 2010

Inundator v0.5 released

an intrusion detection false positives generator

inundator is a modern twist on an old concept -- it's an IDS/IPS/WAF evasion tool,used to anonymously flood intrusion detection systems with false positives in order to obfuscate a real attack.inundator leverages the vagueness and poor quality of Snort's rules files to generate completely harmless packets / HTTP requests that contain just enough keywords to trigger a false positive.We thought this was an original idea, but it looks like Snot, fwsnort's snortspoof, and possibly others beat us to the punch. However, these tools were developed around the turn of the century, are quite dated and well-forgotten, and overall quite inferior to inundator.

inundator is full featured,multi-threaded, queue-based,supports multiple targets,and requires the use of a SOCKS proxy for anonymization.Via Tor,inundator is capable of generating around 1000 false positives per minute. Via a high-bandwidth SOCKS proxy,you might be able to generate ten times that amount

More info and download: http://inundator.sourceforge.net

No comments: