Educause Security Discussion mailing list archives
Re: Software that scans for SSN
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Wed, 28 Sep 2005 10:19:36 -0500
hi Gary -- we apply individual pcre SSN & CC sigs to target specific apps/ports.. this approach, combined with a distributed sensor model has been very successful and we have seen negligible increases in sensor resources.. our false positive rate is less than 10%.. ~cam. Cam Beasley CISSP CIFI Director / UISO ITS/Information Security Office University of Texas at Austin cam () austin utexas edu 512.475.9476 ------------------------------
-----Original Message----- From: Gary Golomb [mailto:coach () GWU EDU] Sent: 2005, September 28, Wednesday 06:52 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Software that scans for SSNIn fact, there are a few snort rules for SSNs/CCs; checkthe rulesetsat bleedingsnort.com, specifically bleeding-policy.rules, sids 2001375-2001383.For the guys who've tried the snort SSN sigs - what kind of results did you get? We loaded *only* the SSN sigs, and the cpu spiked to 99% and dropped most of the packets on the wire. Have you guys really been getting different results?
Current thread:
- Software that scans for SSN Leila Lyons (Sep 27)
- <Possible follow-ups>
- Re: Software that scans for SSN Gary Golomb (Sep 27)
- Re: Software that scans for SSN Ramon Hermida (Sep 27)
- Re: Software that scans for SSN Lee Weers (Sep 27)
- Re: Software that scans for SSN Lee Weers (Sep 27)
- Re: Software that scans for SSN Jeff Kell (Sep 27)
- Re: Software that scans for SSN Gary Golomb (Sep 28)
- Re: Software that scans for SSN Ramon Hermida (Sep 28)
- Re: Software that scans for SSN Cam Beasley, ISO (Sep 28)
- Re: Software that scans for SSN Graham Toal (Sep 28)