Inundator is a multi-threaded, queue-driven, IDS evasion tool. Its purpose is to anonymously flood intrusion detection systems (specifically Snort) with traffic designed to trigger false positives via a SOCKS proxy in order to obfuscate a real attack.
Who should use Inundator?
inundator would be used whenever you feel there is a significant chance the
attack you’re about to perform may be detected by the target’s intrusion
detection system. You would launch inundator prior to starting the attack,
and continue running it well after you have finished the attack. The hope is
that if your attack is detected by the IDS, the alert will be buried among
several thousand false positives, thus minimizing the chance of an IDS
analyst detecting the real attack.
How does inundator work?
At a high level, inundator parses enough data from Snort’s vague and poorly-
written rules files to generate completely harmless traffic containing the
right key words to trigger a false positive. The actual ruleset used by the
target IDS will play a very large part in whether our false attacks trigger
a false positive, but we make a strong attempt to parse Snort’s rules in a
manner which maximizes the chance of our false attacks being detected.
After the rules are parsed, the necessary information for matching each rule
is queued up by destination port in the attack queue. An nmap scan is then
performed against each specified target to determine which ports are open on
each target, and this information is added to the targets queue. inundator
then spawns the requested number of threads, and each worker thread selects
a random target and random attack from the queues, generates a false attack
from the information in the attack queue, and sends the false attack to the
target via a SOCKS proxy; inundator attempts to use Tor’s local SOCKS proxy
by default. The worker threads repeat this process in an infinite loop until
you decide to abort the application.
You can directly install inundator on Debian, BackTrack, and Ubuntu.
Just follow these simple steps:
1. Add the following to /etc/apt/sources.list:
    deb http://inundator.sourceforge.net/repo/ all/
2. Next, download and install the inundator GPG key:
    wget http://inundator.sourceforge.net/inundator.asc
    apt-key add inundator.asc
3. Then you can automatically pull in inundator and all its dependencies
via:
    aptitude update
    aptitude install inundator
Alternatively, download the source for compilation and simply run 'make install'.
Dependencies:
Nmap
Perl (>= 5.10)
Net::SOCKS (>= 0.03)
Net::CIDR (>= 0.11)
Snort’s rules files
Oinkmaster (for keeping Snort rules up to date)
Tor (If you don’t have a remote SOCKS proxy to exploit.)
http://sourceforge.net/projects/inundator/files/
--
Regards,
kishore sangaraju
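
On the monitoring side, the behaviour described under "How does inundator work?" (workers picking random rules and random open ports in a loop) shows up as one destination tripping an unusually wide spread of different signatures in a short window. The following is an added detection example, not part of the original post or of inundator itself; it assumes Snort's "fast" alert format, and the SIDs, addresses, window size and threshold are constructed or illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
FAST = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]"
    r".*\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")
EPOCH = datetime(2000, 1, 1)  # fast alerts carry no year; 2000 is an assumed one


def parse(line):
    """Return (timestamp, sid, src, dst) or None for a non-alert line."""
    m = FAST.match(line)
    if not m:
        return None
    ts = datetime.strptime("2000/" + m["ts"], "%Y/%m/%d-%H:%M:%S")
    return ts, int(m["sid"]), m["src"], m["dst"]


def flood_windows(lines, window=60, min_sids=8):
    """Map (dst, window start) -> distinct SID count, for windows in which one
    destination tripped at least min_sids different signatures."""
    sids = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        ts, sid, _src, dst = rec  # source is ignored: proxied traffic varies it
        bucket = int((ts - EPOCH).total_seconds()) // window
        sids[(dst, bucket)].add(sid)
    out = {}
    for (dst, bucket), seen in sids.items():
        if len(seen) >= min_sids:
            start = EPOCH + timedelta(seconds=bucket * window)
            out[(dst, start.strftime("%m/%d %H:%M:%S"))] = len(seen)
    return out


def _line(sec, sid, src, dst, port):  # builds one constructed fast-format alert
    return (f"03/14-10:15:{sec:02d}.000000  [**] [1:{sid}:1] constructed rule [**] "
            f"[Priority: 2] {{TCP}} {src}:40000 -> {dst}:{port}")


# Constructed sample: 12 different SIDs against one host inside a minute, from
# varying sources, plus one ordinary signature repeating against another host.
SAMPLE = [_line(i * 4, 9000001 + i, f"198.51.100.{i + 1}", "192.0.2.10", (21, 25, 80)[i % 3])
          for i in range(12)]
SAMPLE += [_line(s, 9000100, "203.0.113.7", "192.0.2.20", 22) for s in (5, 40)]

if __name__ == "__main__":
    for (dst, start), n in flood_windows(SAMPLE).items():
        print(f"{start} {dst}: {n} distinct signatures in one window")
```

A flagged window is a reason to preserve and review every alert in that period rather than dismiss the burst as noise, since the flood's stated purpose is to bury one genuine alert.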
